MCL/sf/mw/appinstall: installationservices/swi/source/securitymanager/securitymanager.cpp@ba25891c3a9e (annotated)

0 ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1	/*
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	2	* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	3	* All rights reserved.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	4	* This component and the accompanying materials are made available
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	5	* under the terms of the License "Eclipse Public License v1.0"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	6	* which accompanies this distribution, and is available
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	8	*
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	9	* Initial Contributors:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	10	* Nokia Corporation - initial contribution.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	11	*
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	12	* Contributors:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	13	*
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	14	* Description:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	15	*
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	16	*/
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	17
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	18
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	19	/**
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	20	@file
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	21	@released
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	22	@internalTechnology
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	23	*/
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	24
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	25	#include <f32file.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	26
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	27	#include "securitymanager.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	28	#include "swi/sishash.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	29	#include "swi/sisdataprovider.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	30	#include "swi/sissignaturealgorithm.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	31	#include "swi/sissignaturecertificatechain.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	32	#include "swi/siscertificatechain.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	33	#include "swi/sisinfo.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	34	#include "swi/sissupportedoptions.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	35	#include "swi/sissupportedlanguages.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	36	#include "swi/sisprerequisites.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	37	#include "swi/sislogo.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	38	#include "swi/sisproperties.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	39	#include "swi/sisinstallblock.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	40	#include "swi/sistruststatus.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	41	#include "hashcontainer.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	42	#include "certchainconstraints.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	43	#include "devinfosupportclient.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	44
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	45	#include "log.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	46
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	47	// PKIX dependencies
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	48	#include <pkixcertchain.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	49	#include <x509keys.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	50	#include <ocsp.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	51	#include <securitydefsconst.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	52
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	53	#include <ccertattributefilter.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	54	#include <ct/mcttoken.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	55	//#include <mctcertstore.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	56	#include "cfstokentypeclient.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	57
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	58	// Crypto dependencies
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	59	#include <hash.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	60	#include <swicertstore.h>
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	61
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	62	// SecMan includes
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	63	#include "chainvalidator.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	64	#include "certificateretriever.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	65	#include "signatureverifier.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	66	#include "securitypolicy.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	67	#include "revocationhandler.h"
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	68
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	69	const TInt KFileBufferSize = 1024; // 1k buffer used to read the data to be hashed
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	70	_LIT(KSecurityManagerName, "_Security_Manager_");
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	71
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	72
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	73	using namespace Swi;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	74
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	75	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	76	// Life Cycle methods
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	77	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	78
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	79	EXPORT_C CSecurityManager* CSecurityManager::NewL()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	80	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	81	CSecurityManager* self = CSecurityManager::NewLC();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	82	CleanupStack::Pop(self);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	83	return self;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	84	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	85
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	86	EXPORT_C CSecurityManager* CSecurityManager::NewLC()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	87	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	88	CSecurityManager* self = new(ELeave) CSecurityManager();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	89	CleanupStack::PushL(self);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	90	self->ConstructL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	91	return self;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	92	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	93
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	94	EXPORT_C CSecurityPolicy& CSecurityManager::SecurityPolicy() const
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	95	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	96	return *iSecPolicy;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	97	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	98
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	99	CSecurityManager::CSecurityManager() : CActive(EPriorityNormal)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	100	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	101	CActiveScheduler::Add(this);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	102	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	103
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	104	CSecurityManager::~CSecurityManager()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	105	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	106	Deque();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	107
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	108	if (iCurrentPkixChain)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	109	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	110	delete iCurrentPkixChain;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	111	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	112
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	113	if (iCertStore)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	114	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	115	iCertStore->Release();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	116	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	117
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	118	if (iCertificateRetriever)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	119	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	120	delete iCertificateRetriever;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	121	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	122
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	123	if (iChainValidator)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	124	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	125	delete iChainValidator;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	126	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	127
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	128	if (iRevocationHandler)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	129	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	130	delete iRevocationHandler;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	131	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	132
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	133	iValidPkixChains.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	134	iUntrustedRoots.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	135	iDeviceIDs.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	136	TInt count = iTrustedRoots.Count();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	137	// Release certificates from the list
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	138	for (TInt i = 0; i < count; ++i)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	139	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	140	iTrustedRoots[0]->Release();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	141	iTrustedRoots.Remove(0);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	142	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	143	iTrustedRoots.Close();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	144	iCertMetaInfo.Reset();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	145	iFs.Close();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	146	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	147
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	148
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	149	void CSecurityManager::ConstructL()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	150	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	151	User::LeaveIfError(iFs.Connect());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	152	iSecPolicy = CSecurityPolicy::GetSecurityPolicyL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	153	iCertStore=CSWICertStore::NewL(iFs);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	154	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	155
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	156
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	157	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	158	// Active Objects methods
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	159	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	160
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	161	void CSecurityManager::RunL()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	162	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	163	DEBUG_PRINTF3(_L8("Security Manager - RunL(). State: %d, Status: %d."),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	164	iState, iStatus.Int());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	165
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	166	if (iStatus.Int() != KErrNone)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	167	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	168	User::Leave(iStatus.Int()); // Hop into RunError()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	169	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	170
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	171	switch (iState)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	172	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	173	case ERetrievedTrustedRoots:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	174	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	175	iCertMetaInfo.Reset();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	176	TInt trustedCertCount = iTrustedRoots.Count();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	177	for (TInt i = 0; i < trustedCertCount; ++i)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	178	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	179	CCTCertInfo& certInfo=*iTrustedRoots[i];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	180	DEBUG_CODE_SECTION(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	181	DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains trust anchor certificate '%S'"),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	182	&(certInfo.Label()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	183	);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	184	TCertMetaInfo metaInfo = iCertStore->CertMetaInfoL(certInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	185	iCertMetaInfo.AppendL(metaInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	186	if (metaInfo.iIsMandatory)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	187	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	188	iMandatoryCertDNCount++;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	189	DEBUG_CODE_SECTION(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	190	DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains mandatory certificate '%S'"),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	191	&(certInfo.Label()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	192	);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	193	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	194	if (metaInfo.iIsSystemUpgrade)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	195	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	196	DEBUG_CODE_SECTION(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	197	DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains system upgrade certificate '%S'"),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	198	&(certInfo.Label()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	199	);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	200	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	201	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	202	// After we get here, we have retrieved mandatory certificates
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	203	// We may have an unsigned sis file in which case we do not want to verify the block
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	204	// since there isn't one, so bail here with the correct error
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	205	if (iChains.Count() == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	206	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	207	if (iMandatoryCertDNCount == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	208	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	209	*iResult = ESignatureNotPresent; // No mandatory certs, so just say unsigned
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	210	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	211	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	212	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	213	*iResult = EMandatorySignatureMissing; // more important error code overrides
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	214	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	215
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	216	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	217	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	218	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	219
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	220
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	221	VerifyBlockL(iCurrentChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	222	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	223	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	224
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	225	case EValidatingChain :
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	226	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	227	CPKIXValidationResultBase* result = (*iValidationResultsOut)[iCurrentChain];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	228	::TValidationStatus resultStatus = result->Error();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	229
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	230	DEBUG_PRINTF3(_L8("Security Manager - Certificate validation result was %d. (If applicable, error on certificate %d.)"),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	231	resultStatus.iReason, resultStatus.iCert);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	232
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	233	iCurrentChain++; // Next chain to validate
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	234
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	235	if (resultStatus.iReason != EValidatedOK)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	236	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	237	// we can discard the invalid cert chain
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	238	delete iCurrentPkixChain;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	239	iCurrentPkixChain = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	240
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	241	// ooops
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	242	if (iChains.Count() > iCurrentChain) // This is the ValidateANY policy
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	243	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	244	VerifyBlockL(iCurrentChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	245	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	246	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	247	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	248	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	249	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	250	iHasValidated = ETrue; // At least one chain has been validated! Hurrah!
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	251
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	252	// check if a chain has validated that is not self signed
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	253	if (*iResult != ESignatureSelfSigned)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	254	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	255	iHasValidatedTrusted = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	256	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	257
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	258	// From here on the chain has been validated successfully
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	259
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	260	iTotalCapabilitiesOut->Union(iCurrentCapabilities); // Update the total capabilities
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	261
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	262	// Reduce the count from the list of mandatory certs
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	263	UpdateListOfMissingRequiredCertsL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	264
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	265	// Updage the System Upgrade status of the Certificate
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	266	UpdateSystemUpgradeCertStatusL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	267
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	268	User::LeaveIfError(iValidPkixChains.Append(iCurrentPkixChain));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	269	// this chain will be used for OCSP checking if required, so record it.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	270	iController->AddChainIndex(iCurrentChain-1);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	271
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	272	iCurrentPkixChain = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	273	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	274
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	275	if (iCurrentChain == iChains.Count())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	276	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	277	if (iMandatoryCertDNCount == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	278	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	279	// Mandatory certs prerequisites met
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	280
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	281	if (iHasValidated)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	282	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	283	//Build the certificate chain constraints
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	284	CCertChainConstraints* certChainConstraints(0);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	285	TRAPD(err, certChainConstraints=CCertChainConstraints::NewL(iValidPkixChains));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	286	if (err)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	287	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	288	*iResult = ECertificateValidationError;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	289	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	290	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	291	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	292
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	293	*iResult = iHasValidatedTrusted ? EValidationSucceeded : ESignatureSelfSigned;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	294
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	295	//Pass the certificate chain constraints ownership to controller
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	296	Sis::CController* controller=const_cast<Sis::CController*>(iController);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	297	controller->SetCertChainConstraints(certChainConstraints);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	298
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	299	//Set the dev cert found flag if dev cert first time found
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	300	if (iDevCertWarningState==ENoDevCerts &&
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	301	(certChainConstraints->SIDsAreConstrained()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	302	\|\|certChainConstraints->VIDsAreConstrained()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	303	\|\|certChainConstraints->DeviceIDsAreConstrained()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	304	\|\|certChainConstraints->CapabilitiesAreConstrained()))
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	305	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	306	DEBUG_PRINTF(_L("Security Manager - At least one certificate chain contains a devcert."));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	307	iDevCertWarningState=EFoundDevCerts;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	308	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	309
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	310	//Check if the device id is contrained and the device Id has been retrieved
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	311	if (certChainConstraints->DeviceIDsAreConstrained() && iDeviceIDs.Count()==0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	312	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	313	//Retrieve and Save the device ID list then complete
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	314	RDeviceInfo deviceInfo;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	315	User::LeaveIfError(deviceInfo.Connect());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	316	CleanupClosePushL(deviceInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	317	const RPointerArray<HBufC>& tempbuf=deviceInfo.DeviceIdsL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	318	for (TInt i=0;i<tempbuf.Count();i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	319	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	320	HBufC* element=tempbuf[i]->AllocLC();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	321	iDeviceIDs.AppendL(element);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	322	CleanupStack::Pop(element);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	323	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	324	CleanupStack::PopAndDestroy(&deviceInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	325	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	326	iState = EChecksDone;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	327	TRequestStatus* status = &iStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	328	User::RequestComplete(status, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	329	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	330	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	331	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	332	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	333
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	334	if (iMandatoryCertDNCount != 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	335	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	336	*iResult = EMandatorySignatureMissing; // We did not meet mandatory cert requirements!
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	337	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	338	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	339	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	340	if (!iHasValidated)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	341	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	342	*iResult = ECertificateValidationError; // No chain ever validated
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	343	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	344	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	345
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	346	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	347	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	348	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	349	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	350	VerifyBlockL(iCurrentChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	351	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	352	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	353	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	354	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	355
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	356	case ERevalidatingChain:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	357	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	358	TInt chainIndex = (*iChainListIndices)[iCurrentChain];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	359
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	360	CPKIXValidationResultBase* result = (*iValidationResultsOut)[iCurrentChain];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	361	::TValidationStatus resultStatus = result->Error();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	362
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	363	DEBUG_PRINTF3(_L8("Security Manager - Certificate validation result was %d. (If applicable, error on certificate %d.)"),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	364	resultStatus.iReason, resultStatus.iCert);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	365
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	366	iCurrentChain++; // Next chain to validate
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	367
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	368	if (resultStatus.iReason != EValidatedOK)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	369	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	370	// We can discard the invalid chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	371	delete iCurrentPkixChain;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	372	iCurrentPkixChain = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	373
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	374	// ooops
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	375	if (iChains.Count() > chainIndex)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	376	{ // This is the ValidateANY policy
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	377	VerifyBlockL(chainIndex);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	378	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	379	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	380	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	381	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	382	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	383	iHasValidated = ETrue; // At least one chain has been validated! Hurrah!
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	384
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	385	// check if a chain has validated that is not self signed
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	386	if (*iResult != ESignatureSelfSigned)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	387	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	388	iHasValidatedTrusted = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	389	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	390
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	391	// From here on the chain has been validated successfully
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	392
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	393	iTotalCapabilitiesOut->Union(iCurrentCapabilities); // Update the total capabilities
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	394
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	395	// Reduce the count from the list of mandatory certs
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	396	UpdateListOfMissingRequiredCertsL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	397
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	398	// Updage the System Upgrade status of the Certificate
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	399	UpdateSystemUpgradeCertStatusL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	400
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	401	iValidPkixChains.AppendL(iCurrentPkixChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	402
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	403	iCurrentPkixChain = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	404	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	405
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	406	if (chainIndex == iChains.Count())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	407	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	408	if (iHasValidated)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	409	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	410	//Build the certificate chain constraints
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	411	CCertChainConstraints* certChainConstraints(0);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	412	TRAPD(err, certChainConstraints=CCertChainConstraints::NewL(iValidPkixChains));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	413	if (err)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	414	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	415	*iResult = ECertificateValidationError;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	416	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	417	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	418	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	419	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	420	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	421	*iResult = iHasValidatedTrusted ? EValidationSucceeded : ESignatureSelfSigned;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	422	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	423
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	424	//Pass the certificate chain constraints ownership to controller
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	425	Sis::CController* controller=const_cast<Sis::CController*>(iController);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	426	controller->SetCertChainConstraints(certChainConstraints);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	427
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	428	//Check if the device id is contrained and the device Id has been retrieved
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	429	if (certChainConstraints->DeviceIDsAreConstrained() && iDeviceIDs.Count()==0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	430	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	431	//Retrieve and Save the device ID list then complete
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	432	RDeviceInfo deviceInfo;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	433	User::LeaveIfError(deviceInfo.Connect());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	434	CleanupClosePushL(deviceInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	435	const RPointerArray<HBufC>& tempbuf=deviceInfo.DeviceIdsL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	436	for (TInt i=0;i<tempbuf.Count();i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	437	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	438	HBufC* element=tempbuf[i]->AllocLC();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	439	iDeviceIDs.AppendL(element);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	440	CleanupStack::Pop(element);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	441	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	442	CleanupStack::PopAndDestroy(&deviceInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	443	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	444	iState = EChecksDone;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	445	TRequestStatus* status = &iStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	446	User::RequestComplete(status, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	447	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	448	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	449	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	450
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	451	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	452	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	453	*iResult = ECertificateValidationError; // No chain ever validated
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	454	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	455
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	456	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	457	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	458	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	459	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	460	VerifyBlockL(chainIndex);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	461	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	462	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	463	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	464	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	465
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	466	case EOCSPCheck:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	467	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	468	iState = EChecksDone;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	469	ProcessOcspOutcomesL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	470
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	471	TRequestStatus* status = &iStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	472	User::RequestComplete(status, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	473	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	474	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	475	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	476
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	477	case EChecksDone:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	478	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	479	// If the validation is done by certs passed by third party(API user)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	480	// instead of cert-store then even on successful validation
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	481	// the result of validation is ESignatureSelfSigned.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	482	// But if iUntrustedRoots count is not zero then the result is
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	483	// really ESignatureSelfSigned.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	484	if (NULL != iRootCerts && iHasValidated)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	485	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	486	*iResult = EValidationSucceeded;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	487	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	488	// Complete the client and be happy
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	489	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	490	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	491	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	492
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	493	default:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	494	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	495	User::Panic(KSecurityManagerName, 1);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	496	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	497	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	498	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	499
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	500
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	501	void CSecurityManager::ProcessOcspOutcomesL()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	502	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	503
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	504	// Identify the worst outcome overall, and the worst in each chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	505	// The OCSP outcomes are in the same order as the valid chains and
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	506	// certificates within them, with the number of outcomes per chain
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	507	// one fewer than the number of certs in the chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	508
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	509
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	510	TInt numOutcomes=iRevocationHandler->TransactionCount();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	511	TInt currentChain = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	512	TInt chainErrorLevel = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	513
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	514	// Since the number of outcomes is 1 fewer than the number of certs in the
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	515	// PkixChain, the index for the last outcome of the first chain will be
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	516	// 2 lower than the number of certs in the chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	517	TInt chainLastOutcomeIndex = iValidPkixChains[0]->Count() - 2;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	518	TInt chainWorstOutcome = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	519
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	520	// This variable is used to record the most serious error condition.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	521	TInt errorLevel = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	522
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	523	DEBUG_PRINTF2(_L8("Security Manager - OCSP check complete. %d OCSP outcomes."), numOutcomes);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	524
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	525	for (TInt i=0; i<numOutcomes; i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	526	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	527	const TOCSPOutcome& outcome=iRevocationHandler->Outcome(i);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	528
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	529	DEBUG_PRINTF4(_L8("Security Manager - OCSP outcome %d; Status: %d, Result: %d."),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	530	i, outcome.iStatus, outcome.iResult);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	531
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	532	if (outcome.iResult == OCSP::ERevoked)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	533	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	534	// If any certificate is revoked then installation must be aborted
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	535	// but we still want to identify the worst case for each chain for
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	536	// the purposes of the error dialog.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	537
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	538	*iRevocationMessage = ECertificateStatusIsRevoked;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	539	errorLevel = 6;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	540	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	541
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	542	// Skip the rest of the outcomes for this chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	543	i = chainLastOutcomeIndex;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	544	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	545	else if (outcome.iResult != OCSP::EGood)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	546	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	547	switch (outcome.iStatus)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	548	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	549	// permanent errors, no user interaction is required
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	550	case OCSP::ENoServerSpecified:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	551	case OCSP::EClientInternalError:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	552	case OCSP::EMalformedRequest:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	553	case OCSP::EUnknownResponseType:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	554	case OCSP::EClientUnauthorised:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	555	case OCSP::EUnknownCriticalExtension:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	556	case OCSP::EMissingCertificates:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	557	case OCSP::ESignatureRequired:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	558	case OCSP::EThisUpdateTooLate:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	559	case OCSP::EThisUpdateTooEarly:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	560	case OCSP::ENextUpdateTooEarly:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	561	case OCSP::ECertificateNotValidAtValidationTime:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	562	case OCSP::ENonceMismatch:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	563	if (errorLevel < 5)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	564	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	565	errorLevel = 5;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	566	*iRevocationMessage = EInvalidCertificateStatusInformation;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	567	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	568	if (chainErrorLevel < 5)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	569	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	570	chainErrorLevel = 5;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	571	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	572	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	573	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	574	case OCSP::EResponseSignatureValidationFailure:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	575	if (errorLevel < 4)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	576	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	577	errorLevel = 4;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	578	*iRevocationMessage = EResponseSignatureValidationFailure;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	579	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	580	if (chainErrorLevel < 4)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	581	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	582	chainErrorLevel = 4;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	583	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	584	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	585	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	586	// permanent errors, ask the user
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	587	case OCSP::EValid:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	588	if (errorLevel < 3)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	589	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	590	errorLevel = 3;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	591	*iRevocationMessage = ECertificateStatusIsUnknown;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	592	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	593	if (chainErrorLevel < 3)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	594	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	595	chainErrorLevel = 3;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	596	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	597	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	598	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	599	// transient errors - user can retry
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	600	case OCSP::EInvalidURI:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	601	if (errorLevel < 2)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	602	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	603	errorLevel = 2;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	604	*iRevocationMessage = EInvalidRevocationServerUrl;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	605	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	606	if (chainErrorLevel < 2)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	607	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	608	chainErrorLevel = 2;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	609	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	610	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	611	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	612	case OCSP::ETryLater:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	613	case OCSP::ETransportError:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	614	case OCSP::EServerInternalError:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	615	case OCSP::EMissingNonce:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	616	if (errorLevel < 1)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	617	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	618	errorLevel = 1;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	619	*iRevocationMessage = EUnableToObtainCertificateStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	620	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	621	if (chainErrorLevel < 1)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	622	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	623	chainErrorLevel = 1;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	624	chainWorstOutcome = i;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	625	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	626
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	627	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	628	default:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	629	// All possible OCSP responses should be checked
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	630	__ASSERT_ALWAYS(EFalse, User::Leave(KErrArgument));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	631	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	632	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	633	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	634
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	635	// If this is the end of the chain, store the worst outcome for the
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	636	// chain in the output outcome array.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	637	if (i == chainLastOutcomeIndex)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	638	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	639	TOCSPOutcome* chainOutcome=new(ELeave) TOCSPOutcome(iRevocationHandler->Outcome(chainWorstOutcome));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	640	CleanupStack::PushL(chainOutcome);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	641	iOcspOutcomeOut->AppendL(chainOutcome);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	642	CleanupStack::Pop(chainOutcome);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	643
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	644	// If there are more chains to consider, get set to identify the
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	645	// worst outcome in the next chain.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	646	if (++currentChain < iValidPkixChains.Count())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	647	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	648	chainErrorLevel = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	649	chainWorstOutcome = i + 1;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	650	chainLastOutcomeIndex += iValidPkixChains[currentChain]->Count() - 1;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	651	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	652	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	653
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	654	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	655	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	656
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	657	void CSecurityManager::DoCancel()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	658	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	659	DEBUG_PRINTF2(_L8("Security Manager - Cancelling in state %d."), iState);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	660
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	661	switch (iState)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	662	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	663	case ERetrievedTrustedRoots:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	664	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	665	iCertificateRetriever->Cancel();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	666	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	667	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	668
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	669	case EValidatingChain:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	670	case ERevalidatingChain:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	671	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	672	iChainValidator->Cancel();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	673	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	674	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	675
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	676	case EOCSPCheck:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	677	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	678	iRevocationHandler->Cancel();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	679	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	680	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	681
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	682	case EChecksDone:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	683	default:
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	684	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	685	// Do nothing
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	686	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	687	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	688	if(iClientStatus)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	689	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	690	User::RequestComplete(iClientStatus,KErrCancel);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	691	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	692	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	693
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	694	TInt CSecurityManager::RunError(TInt aError)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	695	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	696	DEBUG_PRINTF2(_L8("Security Manager - RunError(). Error code %d."), aError);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	697
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	698	User::RequestComplete(iClientStatus, aError);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	699	return KErrNone;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	700	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	701
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	702
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	703	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	704	// Business methods
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	705	//
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	706
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	707	EXPORT_C void CSecurityManager::PerformOcspL(const TDesC8& aOcspUri,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	708	TUint32& aIap,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	709	TRevocationDialogMessage* aRevocationMessageOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	710	RPointerArray<TOCSPOutcome>& aOcspOutcomeOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	711	RPointerArray<CX509Certificate>& aCertOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	712	TRequestStatus& aStatus)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	713	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	714	Cancel();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	715
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	716	DEBUG_PRINTF2(_L8("Security Manager - Performing OCSP with revocation server at %S."),
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	717	&aOcspUri);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	718
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	719	// Reset and re-populate certificate list to contain only end certificates
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	720	// from valid chains, so that the end cert list can be correlated with the
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	721	// list of outcomes.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	722	aCertOut.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	723	TInt numChains = iValidPkixChains.Count();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	724	for (TInt index = 0; index < numChains; index++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	725	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	726	CX509Certificate* certOut = CX509Certificate::NewLC(iValidPkixChains[index]->Cert(0));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	727	aCertOut.AppendL(certOut);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	728	CleanupStack::Pop(certOut);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	729	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	730
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	731	DEBUG_PRINTF2(_L8("Security Manager - Validating %d certificate chains for this controller."), numChains);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	732
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	733	iClientStatus = &aStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	734	*iClientStatus = KRequestPending;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	735
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	736	iOcspOutcomeOut = &aOcspOutcomeOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	737	iRevocationMessage = aRevocationMessageOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	738
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	739	// Make sure to delete earlier object
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	740	if (iRevocationHandler)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	741	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	742	delete iRevocationHandler;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	743	iRevocationHandler = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	744	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	745	iRevocationHandler = CRevocationHandler::NewL(*iCertStore);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	746	iRevocationHandler->SetDefaultURIL(aOcspUri);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	747	iState = EOCSPCheck;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	748
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	749	iRevocationHandler->SendRequestL(iValidPkixChains, aIap, iStatus);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	750
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	751	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	752	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	753
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	754	EXPORT_C void CSecurityManager::VerifyControllerL(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	755	TDesC8& aRawController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	756	const Sis::CController& aController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	757	TSignatureValidationResult* aResultOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	758	RPointerArray<CPKIXValidationResultBase>& aPkixResultsOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	759	RPointerArray<CX509Certificate>& aCertsOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	760	TCapabilitySet* aCapabilitySetOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	761	TBool& aAllowUnsigned,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	762	TBool& aIsEmbeddedController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	763	TRequestStatus& aStatus,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	764	TBool aCheckDateAndTime)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	765	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	766	DEBUG_PRINTF(_L8("Security Manager - Validating Controller"));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	767
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	768	iResult = aResultOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	769	iChains = aController.SignatureCertificateChains();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	770	iController = &aController;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	771	iEndCertificatesOut = &aCertsOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	772	iValidationResultsOut = &aPkixResultsOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	773	iTotalCapabilitiesOut = aCapabilitySetOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	774	iIsEmbeddedController = aIsEmbeddedController;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	775	iCheckDateAndTime = aCheckDateAndTime;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	776
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	777	// Initialy assume that the chain is not validated
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	778	iHasValidated = EFalse;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	779	iHasValidatedTrusted = EFalse;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	780
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	781	*iResult = ESignatureNotPresent;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	782	aAllowUnsigned=iSecPolicy->AllowUnsigned();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	783
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	784
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	785	iClientStatus = &aStatus; // Store caller's request status
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	786	*iClientStatus = KRequestPending;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	787
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	788	if (iChains.Count() == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	789	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	790	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	791	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	792	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	793
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	794	iRawController.Set(aRawController);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	795	iCurrentChain = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	796
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	797	// First retrieve all CA certificates
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	798
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	799	delete iCertificateRetriever;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	800	iCertificateRetriever = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	801	iCertificateRetriever = CCertificateRetriever::NewL(*iCertStore);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	802
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	803	delete iChainValidator;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	804	iChainValidator = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	805	iChainValidator = CChainValidator::NewL(iCertStore, iSecPolicy);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	806
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	807	iState = ERetrievedTrustedRoots;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	808	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	809
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	810	// No need to fetch certificates from the certstore if the root certs
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	811	// are already provided by the caller. or
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	812	// The root Certificates already fetched from certstore in case of embedded packages
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	813
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	814	if(NULL == iRootCerts && iTrustedRoots.Count() == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	815	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	816	iCertificateRetriever->RetrieveCACertificates(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	817	iTrustedRoots, iStatus);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	818	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	819	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	820	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	821	TRequestStatus* tempStatus = &iStatus;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	822	User::RequestComplete(tempStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	823	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	824	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	825
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	826	EXPORT_C void CSecurityManager::ReverifyControllerL(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	827	TDesC8& aRawController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	828	const Sis::CController& aController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	829	const RArray<TInt>& aChainListIndices,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	830	TSignatureValidationResult* aResultOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	831	RPointerArray<CPKIXValidationResultBase>& aPkixResultsOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	832	RPointerArray<CX509Certificate>& aCertsOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	833	TCapabilitySet* aCapabilitySetOut,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	834	TBool& aAllowUnsigned,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	835	TRequestStatus& aStatus)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	836	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	837	DEBUG_PRINTF(_L8("Security Manager - Re-Verifying Controller"));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	838
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	839	iResult = aResultOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	840	iChains = aController.SignatureCertificateChains();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	841	iController = &aController;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	842	iChainListIndices = &aChainListIndices;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	843	iEndCertificatesOut = &aCertsOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	844	iValidationResultsOut = &aPkixResultsOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	845	iTotalCapabilitiesOut = aCapabilitySetOut;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	846	iIsEmbeddedController = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	847
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	848
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	849	*iResult = ESignatureNotPresent;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	850	aAllowUnsigned = iSecPolicy->AllowUnsigned();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	851
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	852	iClientStatus = &aStatus; // Store caller's request status
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	853	*iClientStatus = KRequestPending;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	854
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	855	if (iChains.Count() == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	856	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	857	// This is an unsigned SISX file
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	858	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	859	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	860	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	861
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	862	iRawController.Set(aRawController);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	863	iCurrentChain = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	864
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	865	delete iCertificateRetriever;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	866	iCertificateRetriever = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	867	iCertificateRetriever = CCertificateRetriever::NewL(*iCertStore);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	868
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	869	delete iChainValidator;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	870	iChainValidator = NULL;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	871	iChainValidator = CChainValidator::NewL(iCertStore, iSecPolicy);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	872
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	873	// We may have an unsigned sis file in which case we do not want to verify the block
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	874	// since there isn't one, so bail here with the correct error
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	875	if (iChains.Count() == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	876	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	877	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	878	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	879	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	880	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	881	TInt currentChain = (*iChainListIndices)[iCurrentChain];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	882	VerifyBlockL(currentChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	883	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	884	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	885
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	886	TInt CSecurityManager::SignedSize(TInt iChainsToAdd) const
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	887	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	888	TInt64 size = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	889
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	890	const Sis::CInfo& info = iController->Info();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	891	size += info.Length() + info.HeaderSize() + info.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	892
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	893	const Sis::CSupportedOptions& options = iController->SupportedOptions();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	894	size += options.Length() + options.HeaderSize() + options.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	895
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	896	const Sis::CSupportedLanguages& languages = iController->SupportedLanguages();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	897	size += languages.Length() + languages.HeaderSize() + languages.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	898
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	899	const Sis::CPrerequisites& prerequisites = iController->Prerequisites();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	900	size += prerequisites.Length() + prerequisites.HeaderSize() + prerequisites.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	901
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	902	const Sis::CProperties& props = iController->Properties();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	903	size += props.Length() + props.HeaderSize() + props.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	904
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	905	const Sis::CLogo* logo = iController->Logo();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	906	if (logo != NULL)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	907	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	908	size += logo->Length() + logo->HeaderSize() + logo->PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	909	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	910
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	911	const Sis::CInstallBlock& installblock = iController->InstallBlock();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	912	size += installblock.Length() + installblock.HeaderSize() + installblock.PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	913
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	914	for (TInt k = 0; k < iChainsToAdd; k++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	915	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	916	size += iChains[k]->Length() + iChains[k]->HeaderSize() + iChains[k]->PaddingSize();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	917	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	918
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	919	return I64INT(size);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	920	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	921
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	922	void CSecurityManager::VerifyBlockL(TInt aChainIndex)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	923	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	924	DEBUG_PRINTF2(_L8("Security Manager - Validating certificate chain %d."), aChainIndex);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	925
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	926	Sis::CSignatureCertificateChain& chain = *iChains[aChainIndex];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	927
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	928	// First verify the signature
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	929	const RPointerArray<Sis::CSignature> signatures = chain.Signatures();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	930
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	931	// Determine the size of the controller data which was signed
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	932	TInt size = SignedSize(aChainIndex);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	933
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	934	const Sis::CCertificateChain& certChain = chain.CertificateChain();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	935	const TPtrC8 data = certChain.Data();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	936
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	937	TInt pos = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	938	TInt end = data.Length();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	939	iUntrustedRoots.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	940
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	941	// Find all the self-signed certificates in the chain as possible root candidates
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	942
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	943	while (pos < end)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	944	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	945	CX509Certificate* decoded = CX509Certificate::NewLC(data, pos);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	946	if (decoded->IsSelfSignedL())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	947	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	948	// If the root isn't in the trusted list, append it to the untrusted roots
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	949	TBool found = EFalse;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	950	if(NULL == iRootCerts)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	951	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	952	for (TInt i = 0; i < iTrustedRoots.Count(); i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	953	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	954	CCTCertInfo* root = iTrustedRoots[i];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	955	if (root->SubjectKeyId() == decoded->KeyIdentifierL())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	956	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	957	found = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	958	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	959	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	960	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	961	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	962	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	963	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	964	for (TInt i = iRootCerts->Count() - 1; i >= 0; --i)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	965	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	966	CX509Certificate* root = (*iRootCerts)[i];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	967	if (root->KeyIdentifierL() == decoded->KeyIdentifierL())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	968	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	969	found = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	970	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	971	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	972	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	973	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	974
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	975	if (!found)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	976	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	977	iUntrustedRoots.AppendL(decoded);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	978	CleanupStack::Pop(decoded);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	979	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	980	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	981	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	982	CleanupStack::PopAndDestroy(decoded);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	983	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	984	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	985	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	986	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	987	CleanupStack::PopAndDestroy(decoded);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	988	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	989	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	990
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	991	DEBUG_PRINTF2(_L8("Security Manager - Found %d non-trusted candidate root certificates"), iUntrustedRoots.Count());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	992
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	993	// If we have self signed roots, don't look in the certstore for a further root
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	994
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	995	TBool hasUntrustedRoot = (iUntrustedRoots.Count() > 0);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	996
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	997	if (NULL != iRootCerts)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	998	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	999	DEBUG_PRINTF(_L8("Security Manager - Validating chain using user provided roots"));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1000	iCurrentPkixChain = CPKIXCertChainBase::NewL(iCertStore, data, iRootCerts);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1001	hasUntrustedRoot = ETrue; // These root certs are considered untrusted.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1002	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1003	else if(hasUntrustedRoot)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1004	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1005	DEBUG_PRINTF(_L8("Security Manager - Validating chain using untrusted roots"));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1006	iCurrentPkixChain = CPKIXCertChainBase::NewL(*iCertStore, data, iUntrustedRoots);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1007	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1008	else
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1009	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1010	DEBUG_PRINTF(_L8("Security Manager - Validating chain using trusted roots from store"));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1011	iCurrentPkixChain = CPKIXCertChainBase::NewL(*iCertStore, data, KSwiApplicabilityUid);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1012	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1013
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1014
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1015	DEBUG_PRINTF2(_L8("Security Manager - Certificate chain contains %d certificates."), iCurrentPkixChain->Count());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1016
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1017	const CX509Certificate& clientCert = iCurrentPkixChain->Cert(0); // This is the ee certificate
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1018	CX509Certificate* endCertOut = CX509Certificate::NewLC(clientCert);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1019	iEndCertificatesOut->AppendL(endCertOut);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1020	CleanupStack::Pop(endCertOut);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1021
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1022	DEBUG_CODE_SECTION(HBufC* issuer = clientCert.IssuerL(); DEBUG_PRINTF2(_L("Security Manager - End Entity Certificate Issuer: '%S'."), issuer); delete issuer;);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1023	DEBUG_CODE_SECTION(HBufC* subject = clientCert.SubjectL(); DEBUG_PRINTF2(_L("Security Manager - End Entity Certificate Subject: '%S'."), subject); delete subject;);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1024
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1025	const CSubjectPublicKeyInfo& publicKey= clientCert.PublicKey();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1026
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1027	DEBUG_PRINTF2(_L8("Security Manager - SIS file signed %d times with this certificate."), signatures.Count());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1028
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1029	CSignatureVerifier* verifier = CSignatureVerifier::NewLC();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1030	TBool result = EFalse;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1031	for (TInt k = 0; k < signatures.Count(); k++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1032	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1033	const TDesC& algorithmOID = signatures[k]->Algorithm().AlgorithmIdentifier().Data();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1034	TRAP_IGNORE(result = verifier->VerifySignatureL(algorithmOID, publicKey, iRawController.Mid((iIsEmbeddedController ? 4 : iController->HeaderSize()), size), signatures[k]->Data()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1035	if (result)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1036	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1037	// We have a verify any policy on signatures (inside a given SISSignatureCertificateChain)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1038	// Cf. SGL.GT0188.251 Section 4.3
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1039	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1040	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1041	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1042
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1043	CleanupStack::PopAndDestroy(verifier);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1044
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1045	if (!result) // Signature not verified: something is WRONG. Abort.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1046	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1047	DEBUG_PRINTF(_L8("Security Manager - No signature validated."));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1048
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1049	*iResult = ESignatureCouldNotBeValidated;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1050	User::RequestComplete(iClientStatus, KErrNone);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1051	return;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1052	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1053
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1054	// The signature is good, validate the certificate chain
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1055
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1056	CPKIXValidationResultBase* validationResult = CPKIXValidationResultBase::NewLC();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1057	iValidationResultsOut->Append(validationResult);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1058	CleanupStack::Pop(validationResult);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1059
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1060	iState = EValidatingChain;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1061	iCurrentPkixChain->SetValidityPeriodCheckFatal(iCheckDateAndTime);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1062	iChainValidator->ValidateChainL(iCurrentPkixChain, iResult, *validationResult,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1063	iCurrentCapabilities, hasUntrustedRoot, iStatus);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1064	SetActive();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1065	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1066
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1067	EXPORT_C HBufC8* CSecurityManager::CalculateHashLC(MSisDataProvider& aDataProvider, CMessageDigest::THashId aAlgorithm)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1068	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1069	CMessageDigest* digest = CMessageDigestFactory::NewDigestLC(aAlgorithm);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1070
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1071	HBufC8* aBuffer = HBufC8::NewMaxLC(KFileBufferSize);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1072	TPtr8 aBufferPtr(aBuffer->Des());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1073
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1074	User::LeaveIfError(aDataProvider.Read(aBufferPtr));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1075
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1076	while (aBuffer->Length() != 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1077	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1078	digest->Update(*aBuffer);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1079	User::LeaveIfError(aDataProvider.Read(aBufferPtr));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1080	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1081	TPtrC8 hash = digest->Final();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1082	HBufC8* hashBuffer = hash.AllocL();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1083	CleanupStack::PopAndDestroy(2, digest); // aBuffer, digest
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1084
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1085	CleanupStack::PushL(hashBuffer);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1086	return hashBuffer;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1087	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1088
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1089	EXPORT_C TBool CSecurityManager::VerifyFileHashL(MSisDataProvider& aDataProvider, const CHashContainer& aDigest)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1090	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1091	HBufC8* hashBuffer = CalculateHashLC(aDataProvider, aDigest.Algorithm());
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1092
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1093	TBool result = EFalse;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1094
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1095	TPtrC8 hash = hashBuffer->Des();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1096	if (hash.Compare(aDigest.Data()) == 0)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1097	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1098	result = ETrue;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1099	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1100
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1101	CleanupStack::PopAndDestroy(hashBuffer);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1102	return result;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1103	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1104
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1105	void CSecurityManager::UpdateListOfMissingRequiredCertsL(const CCertificate& aCertificate)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1106	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1107	// Find aCertificate in iTrustedRoots and marked as nonmandatory for temporary!
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1108	TInt count = iTrustedRoots.Count();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1109	for (TInt k = 0; k < count; k++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1110	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1111	CCTCertInfo* certInfo = iTrustedRoots[k];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1112	if (iCertMetaInfo[k].iIsMandatory && !certInfo->SubjectKeyId().Compare(aCertificate.KeyIdentifierL()))
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1113	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1114	DEBUG_PRINTF2(_L("Security Manager - Mandatory certificate '%S' satisfied."), &(certInfo->Label()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1115	// set the Mandatory is false so that next time this certificate won't be compared
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1116	iCertMetaInfo[k].iIsMandatory = 0;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1117	iMandatoryCertDNCount--;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1118	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1119	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1120	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1121	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1122
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1123	void CSecurityManager::UpdateSystemUpgradeCertStatusL(const CCertificate& aCertificate)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1124	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1125	// Find aCertificate in iTrustedRoots and update the system upgrade trust status
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1126	TInt count = iTrustedRoots.Count();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1127	for (TInt k = 0; k < count; k++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1128	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1129	CCTCertInfo* certInfo = iTrustedRoots[k];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1130	if (iCertMetaInfo[k].iIsSystemUpgrade && certInfo->SubjectKeyId() == aCertificate.KeyIdentifierL())
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1131	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1132	DEBUG_PRINTF2(_L("Security Manager - System upgrade certificate '%S' satisfied."), &(certInfo->Label()));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1133	// create a modifyable reference to the current controller
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1134	Sis::CController& controller = const_cast <Sis::CController&>(*iController);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1135	// set the SuCert validation status
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1136	controller.SetSignedBySuCert(ETrue);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1137	break;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1138	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1139	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1140
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1141	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1142
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1143	EXPORT_C void CSecurityManager::GetCertificatesFromControllerL(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1144	const Sis::CController& aController,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1145	RPointerArray<CX509Certificate>& aCerts)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1146	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1147	// Go through all SIS chains and extract end certificates from them.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1148	const RPointerArray<Sis::CSignatureCertificateChain>& chains=
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1149	aController.SignatureCertificateChains();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1150	for (TInt i=0; i<chains.Count(); i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1151	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1152	Sis::CSignatureCertificateChain& sigCertChain=*chains[i];
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1153	const Sis::CCertificateChain& certChain=
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1154	sigCertChain.CertificateChain();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1155	// Construct PKIX cert chain from raw data in the controller.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1156	CPKIXCertChainBase* pkixChain=CPKIXCertChainBase::NewLC(*iCertStore,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1157	certChain.Data(), KSwiApplicabilityUid);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1158
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1159	// Extract end entity certificate and store it in the member array.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1160	const CX509Certificate& endCert=pkixChain->Cert(0);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1161	CX509Certificate* endCertCopy=CX509Certificate::NewLC(endCert);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1162	User::LeaveIfError(aCerts.Append(endCertCopy));
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1163	CleanupStack::Pop(endCertCopy);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1164
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1165	// Cleanup.
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1166	CleanupStack::PopAndDestroy(pkixChain);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1167	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1168	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1169
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1170	EXPORT_C void CSecurityManager::FillCertInfoArrayL(
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1171	const RPointerArray<CX509Certificate>& aCertificates,
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1172	RPointerArray<CCertificateInfo>& aCertInfos)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1173	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1174	for (TInt i=0; i<aCertificates.Count(); i++)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1175	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1176	CCertificateInfo* certInfo=CCertificateInfo::NewLC(*aCertificates[i]);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1177	aCertInfos.AppendL(certInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1178	CleanupStack::Pop(certInfo);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1179	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1180	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1181
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1182	EXPORT_C const RPointerArray<HBufC>& CSecurityManager::DeviceIDsInfo() const
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1183	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1184	return iDeviceIDs;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1185	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1186
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1187	EXPORT_C void CSecurityManager::ResetValidCertChains()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1188	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1189	iValidPkixChains.ResetAndDestroy();
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1190	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1191
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1192	EXPORT_C void CSecurityManager::SetDevCertWarningState(TInt aDevCertWarningState)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1193	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1194	iDevCertWarningState=static_cast<TDevCertWarningState>(aDevCertWarningState);
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1195	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1196
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1197	EXPORT_C TInt CSecurityManager::GetDevCertWarningState()
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1198	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1199	return iDevCertWarningState;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1200	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1201
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1202
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1203	EXPORT_C void CSecurityManager::SetRootCerts(RPointerArray<CX509Certificate>* aX509CertArray)
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1204	{
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1205	iRootCerts = aX509CertArray;
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1206	}
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1207
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1208
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1209
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1210
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1211
ba25891c3a9e Revision: 200949 Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> parents: diff changeset	1212

author	Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
	Thu, 17 Dec 2009 08:51:10 +0200
changeset 0	ba25891c3a9e
child 17	741e5bba2bd1
permissions	-rw-r--r--