author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
Thu, 17 Dec 2009 08:51:10 +0200 | |
changeset 0 | ba25891c3a9e |
child 17 | 741e5bba2bd1 |
permissions | -rw-r--r-- |
0
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1 |
/* |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
2 |
* Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies). |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
3 |
* All rights reserved. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
4 |
* This component and the accompanying materials are made available |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
5 |
* under the terms of the License "Eclipse Public License v1.0" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
6 |
* which accompanies this distribution, and is available |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html". |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
8 |
* |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
9 |
* Initial Contributors: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
10 |
* Nokia Corporation - initial contribution. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
11 |
* |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
12 |
* Contributors: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
13 |
* |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
14 |
* Description: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
15 |
* |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
16 |
*/ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
17 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
18 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
19 |
/** |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
20 |
@file |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
21 |
@released |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
22 |
@internalTechnology |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
23 |
*/ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
24 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
25 |
#include <f32file.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
26 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
27 |
#include "securitymanager.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
28 |
#include "swi/sishash.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
29 |
#include "swi/sisdataprovider.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
30 |
#include "swi/sissignaturealgorithm.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
31 |
#include "swi/sissignaturecertificatechain.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
32 |
#include "swi/siscertificatechain.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
33 |
#include "swi/sisinfo.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
34 |
#include "swi/sissupportedoptions.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
35 |
#include "swi/sissupportedlanguages.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
36 |
#include "swi/sisprerequisites.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
37 |
#include "swi/sislogo.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
38 |
#include "swi/sisproperties.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
39 |
#include "swi/sisinstallblock.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
40 |
#include "swi/sistruststatus.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
41 |
#include "hashcontainer.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
42 |
#include "certchainconstraints.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
43 |
#include "devinfosupportclient.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
44 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
45 |
#include "log.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
46 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
47 |
// PKIX dependencies |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
48 |
#include <pkixcertchain.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
49 |
#include <x509keys.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
50 |
#include <ocsp.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
51 |
#include <securitydefsconst.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
52 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
53 |
#include <ccertattributefilter.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
54 |
#include <ct/mcttoken.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
55 |
//#include <mctcertstore.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
56 |
#include "cfstokentypeclient.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
57 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
58 |
// Crypto dependencies |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
59 |
#include <hash.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
60 |
#include <swicertstore.h> |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
61 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
62 |
// SecMan includes |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
63 |
#include "chainvalidator.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
64 |
#include "certificateretriever.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
65 |
#include "signatureverifier.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
66 |
#include "securitypolicy.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
67 |
#include "revocationhandler.h" |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
68 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
69 |
const TInt KFileBufferSize = 1024; // 1k buffer used to read the data to be hashed |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
70 |
_LIT(KSecurityManagerName, "_Security_Manager_"); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
71 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
72 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
73 |
using namespace Swi; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
74 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
75 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
76 |
// Life Cycle methods |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
77 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
78 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
79 |
EXPORT_C CSecurityManager* CSecurityManager::NewL() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
80 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
81 |
CSecurityManager* self = CSecurityManager::NewLC(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
82 |
CleanupStack::Pop(self); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
83 |
return self; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
84 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
85 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
86 |
EXPORT_C CSecurityManager* CSecurityManager::NewLC() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
87 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
88 |
CSecurityManager* self = new(ELeave) CSecurityManager(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
89 |
CleanupStack::PushL(self); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
90 |
self->ConstructL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
91 |
return self; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
92 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
93 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
94 |
EXPORT_C CSecurityPolicy& CSecurityManager::SecurityPolicy() const |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
95 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
96 |
return *iSecPolicy; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
97 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
98 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
99 |
CSecurityManager::CSecurityManager() : CActive(EPriorityNormal) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
100 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
101 |
CActiveScheduler::Add(this); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
102 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
103 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
104 |
CSecurityManager::~CSecurityManager() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
105 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
106 |
Deque(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
107 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
108 |
if (iCurrentPkixChain) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
109 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
110 |
delete iCurrentPkixChain; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
111 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
112 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
113 |
if (iCertStore) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
114 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
115 |
iCertStore->Release(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
116 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
117 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
118 |
if (iCertificateRetriever) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
119 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
120 |
delete iCertificateRetriever; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
121 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
122 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
123 |
if (iChainValidator) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
124 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
125 |
delete iChainValidator; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
126 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
127 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
128 |
if (iRevocationHandler) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
129 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
130 |
delete iRevocationHandler; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
131 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
132 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
133 |
iValidPkixChains.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
134 |
iUntrustedRoots.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
135 |
iDeviceIDs.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
136 |
TInt count = iTrustedRoots.Count(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
137 |
// Release certificates from the list |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
138 |
for (TInt i = 0; i < count; ++i) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
139 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
140 |
iTrustedRoots[0]->Release(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
141 |
iTrustedRoots.Remove(0); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
142 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
143 |
iTrustedRoots.Close(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
144 |
iCertMetaInfo.Reset(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
145 |
iFs.Close(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
146 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
147 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
148 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
149 |
void CSecurityManager::ConstructL() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
150 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
151 |
User::LeaveIfError(iFs.Connect()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
152 |
iSecPolicy = CSecurityPolicy::GetSecurityPolicyL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
153 |
iCertStore=CSWICertStore::NewL(iFs); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
154 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
155 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
156 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
157 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
158 |
// Active Objects methods |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
159 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
160 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
161 |
void CSecurityManager::RunL() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
162 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
163 |
DEBUG_PRINTF3(_L8("Security Manager - RunL(). State: %d, Status: %d."), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
164 |
iState, iStatus.Int()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
165 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
166 |
if (iStatus.Int() != KErrNone) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
167 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
168 |
User::Leave(iStatus.Int()); // Hop into RunError() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
169 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
170 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
171 |
switch (iState) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
172 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
173 |
case ERetrievedTrustedRoots: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
174 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
175 |
iCertMetaInfo.Reset(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
176 |
TInt trustedCertCount = iTrustedRoots.Count(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
177 |
for (TInt i = 0; i < trustedCertCount; ++i) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
178 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
179 |
CCTCertInfo& certInfo=*iTrustedRoots[i]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
180 |
DEBUG_CODE_SECTION( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
181 |
DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains trust anchor certificate '%S'"), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
182 |
&(certInfo.Label())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
183 |
); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
184 |
TCertMetaInfo metaInfo = iCertStore->CertMetaInfoL(certInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
185 |
iCertMetaInfo.AppendL(metaInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
186 |
if (metaInfo.iIsMandatory) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
187 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
188 |
iMandatoryCertDNCount++; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
189 |
DEBUG_CODE_SECTION( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
190 |
DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains mandatory certificate '%S'"), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
191 |
&(certInfo.Label())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
192 |
); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
193 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
194 |
if (metaInfo.iIsSystemUpgrade) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
195 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
196 |
DEBUG_CODE_SECTION( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
197 |
DEBUG_PRINTF2(_L("Security Manager - SWI certstore contains system upgrade certificate '%S'"), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
198 |
&(certInfo.Label())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
199 |
); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
200 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
201 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
202 |
// After we get here, we have retrieved mandatory certificates |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
203 |
// We may have an unsigned sis file in which case we do not want to verify the block |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
204 |
// since there isn't one, so bail here with the correct error |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
205 |
if (iChains.Count() == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
206 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
207 |
if (iMandatoryCertDNCount == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
208 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
209 |
*iResult = ESignatureNotPresent; // No mandatory certs, so just say unsigned |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
210 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
211 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
212 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
213 |
*iResult = EMandatorySignatureMissing; // more important error code overrides |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
214 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
215 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
216 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
217 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
218 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
219 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
220 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
221 |
VerifyBlockL(iCurrentChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
222 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
223 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
224 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
225 |
case EValidatingChain : |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
226 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
227 |
CPKIXValidationResultBase* result = (*iValidationResultsOut)[iCurrentChain]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
228 |
::TValidationStatus resultStatus = result->Error(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
229 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
230 |
DEBUG_PRINTF3(_L8("Security Manager - Certificate validation result was %d. (If applicable, error on certificate %d.)"), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
231 |
resultStatus.iReason, resultStatus.iCert); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
232 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
233 |
iCurrentChain++; // Next chain to validate |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
234 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
235 |
if (resultStatus.iReason != EValidatedOK) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
236 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
237 |
// we can discard the invalid cert chain |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
238 |
delete iCurrentPkixChain; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
239 |
iCurrentPkixChain = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
240 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
241 |
// ooops |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
242 |
if (iChains.Count() > iCurrentChain) // This is the ValidateANY policy |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
243 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
244 |
VerifyBlockL(iCurrentChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
245 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
246 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
247 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
248 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
249 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
250 |
iHasValidated = ETrue; // At least one chain has been validated! Hurrah! |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
251 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
252 |
// check if a chain has validated that is not self signed |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
253 |
if (*iResult != ESignatureSelfSigned) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
254 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
255 |
iHasValidatedTrusted = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
256 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
257 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
258 |
// From here on the chain has been validated successfully |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
259 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
260 |
iTotalCapabilitiesOut->Union(iCurrentCapabilities); // Update the total capabilities |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
261 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
262 |
// Reduce the count from the list of mandatory certs |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
263 |
UpdateListOfMissingRequiredCertsL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
264 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
265 |
// Updage the System Upgrade status of the Certificate |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
266 |
UpdateSystemUpgradeCertStatusL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
267 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
268 |
User::LeaveIfError(iValidPkixChains.Append(iCurrentPkixChain)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
269 |
// this chain will be used for OCSP checking if required, so record it. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
270 |
iController->AddChainIndex(iCurrentChain-1); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
271 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
272 |
iCurrentPkixChain = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
273 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
274 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
275 |
if (iCurrentChain == iChains.Count()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
276 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
277 |
if (iMandatoryCertDNCount == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
278 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
279 |
// Mandatory certs prerequisites met |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
280 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
281 |
if (iHasValidated) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
282 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
283 |
//Build the certificate chain constraints |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
284 |
CCertChainConstraints* certChainConstraints(0); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
285 |
TRAPD(err, certChainConstraints=CCertChainConstraints::NewL(iValidPkixChains)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
286 |
if (err) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
287 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
288 |
*iResult = ECertificateValidationError; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
289 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
290 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
291 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
292 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
293 |
*iResult = iHasValidatedTrusted ? EValidationSucceeded : ESignatureSelfSigned; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
294 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
295 |
//Pass the certificate chain constraints ownership to controller |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
296 |
Sis::CController* controller=const_cast<Sis::CController*>(iController); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
297 |
controller->SetCertChainConstraints(certChainConstraints); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
298 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
299 |
//Set the dev cert found flag if dev cert first time found |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
300 |
if (iDevCertWarningState==ENoDevCerts && |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
301 |
(certChainConstraints->SIDsAreConstrained() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
302 |
||certChainConstraints->VIDsAreConstrained() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
303 |
||certChainConstraints->DeviceIDsAreConstrained() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
304 |
||certChainConstraints->CapabilitiesAreConstrained())) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
305 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
306 |
DEBUG_PRINTF(_L("Security Manager - At least one certificate chain contains a devcert.")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
307 |
iDevCertWarningState=EFoundDevCerts; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
308 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
309 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
310 |
//Check if the device id is contrained and the device Id has been retrieved |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
311 |
if (certChainConstraints->DeviceIDsAreConstrained() && iDeviceIDs.Count()==0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
312 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
313 |
//Retrieve and Save the device ID list then complete |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
314 |
RDeviceInfo deviceInfo; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
315 |
User::LeaveIfError(deviceInfo.Connect()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
316 |
CleanupClosePushL(deviceInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
317 |
const RPointerArray<HBufC>& tempbuf=deviceInfo.DeviceIdsL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
318 |
for (TInt i=0;i<tempbuf.Count();i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
319 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
320 |
HBufC* element=tempbuf[i]->AllocLC(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
321 |
iDeviceIDs.AppendL(element); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
322 |
CleanupStack::Pop(element); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
323 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
324 |
CleanupStack::PopAndDestroy(&deviceInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
325 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
326 |
iState = EChecksDone; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
327 |
TRequestStatus* status = &iStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
328 |
User::RequestComplete(status, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
329 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
330 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
331 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
332 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
333 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
334 |
if (iMandatoryCertDNCount != 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
335 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
336 |
*iResult = EMandatorySignatureMissing; // We did not meet mandatory cert requirements! |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
337 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
338 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
339 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
340 |
if (!iHasValidated) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
341 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
342 |
*iResult = ECertificateValidationError; // No chain ever validated |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
343 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
344 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
345 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
346 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
347 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
348 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
349 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
350 |
VerifyBlockL(iCurrentChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
351 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
352 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
353 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
354 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
355 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
356 |
case ERevalidatingChain: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
357 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
358 |
TInt chainIndex = (*iChainListIndices)[iCurrentChain]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
359 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
360 |
CPKIXValidationResultBase* result = (*iValidationResultsOut)[iCurrentChain]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
361 |
::TValidationStatus resultStatus = result->Error(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
362 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
363 |
DEBUG_PRINTF3(_L8("Security Manager - Certificate validation result was %d. (If applicable, error on certificate %d.)"), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
364 |
resultStatus.iReason, resultStatus.iCert); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
365 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
366 |
iCurrentChain++; // Next chain to validate |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
367 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
368 |
if (resultStatus.iReason != EValidatedOK) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
369 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
370 |
// We can discard the invalid chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
371 |
delete iCurrentPkixChain; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
372 |
iCurrentPkixChain = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
373 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
374 |
// ooops |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
375 |
if (iChains.Count() > chainIndex) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
376 |
{ // This is the ValidateANY policy |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
377 |
VerifyBlockL(chainIndex); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
378 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
379 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
380 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
381 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
382 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
383 |
iHasValidated = ETrue; // At least one chain has been validated! Hurrah! |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
384 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
385 |
// check if a chain has validated that is not self signed |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
386 |
if (*iResult != ESignatureSelfSigned) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
387 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
388 |
iHasValidatedTrusted = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
389 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
390 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
391 |
// From here on the chain has been validated successfully |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
392 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
393 |
iTotalCapabilitiesOut->Union(iCurrentCapabilities); // Update the total capabilities |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
394 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
395 |
// Reduce the count from the list of mandatory certs |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
396 |
UpdateListOfMissingRequiredCertsL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
397 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
398 |
// Updage the System Upgrade status of the Certificate |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
399 |
UpdateSystemUpgradeCertStatusL(iCurrentPkixChain->Cert(iCurrentPkixChain->Count()-1)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
400 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
401 |
iValidPkixChains.AppendL(iCurrentPkixChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
402 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
403 |
iCurrentPkixChain = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
404 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
405 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
406 |
if (chainIndex == iChains.Count()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
407 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
408 |
if (iHasValidated) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
409 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
410 |
//Build the certificate chain constraints |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
411 |
CCertChainConstraints* certChainConstraints(0); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
412 |
TRAPD(err, certChainConstraints=CCertChainConstraints::NewL(iValidPkixChains)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
413 |
if (err) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
414 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
415 |
*iResult = ECertificateValidationError; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
416 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
417 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
418 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
419 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
420 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
421 |
*iResult = iHasValidatedTrusted ? EValidationSucceeded : ESignatureSelfSigned; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
422 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
423 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
424 |
//Pass the certificate chain constraints ownership to controller |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
425 |
Sis::CController* controller=const_cast<Sis::CController*>(iController); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
426 |
controller->SetCertChainConstraints(certChainConstraints); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
427 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
428 |
//Check if the device id is contrained and the device Id has been retrieved |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
429 |
if (certChainConstraints->DeviceIDsAreConstrained() && iDeviceIDs.Count()==0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
430 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
431 |
//Retrieve and Save the device ID list then complete |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
432 |
RDeviceInfo deviceInfo; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
433 |
User::LeaveIfError(deviceInfo.Connect()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
434 |
CleanupClosePushL(deviceInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
435 |
const RPointerArray<HBufC>& tempbuf=deviceInfo.DeviceIdsL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
436 |
for (TInt i=0;i<tempbuf.Count();i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
437 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
438 |
HBufC* element=tempbuf[i]->AllocLC(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
439 |
iDeviceIDs.AppendL(element); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
440 |
CleanupStack::Pop(element); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
441 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
442 |
CleanupStack::PopAndDestroy(&deviceInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
443 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
444 |
iState = EChecksDone; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
445 |
TRequestStatus* status = &iStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
446 |
User::RequestComplete(status, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
447 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
448 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
449 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
450 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
451 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
452 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
453 |
*iResult = ECertificateValidationError; // No chain ever validated |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
454 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
455 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
456 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
457 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
458 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
459 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
460 |
VerifyBlockL(chainIndex); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
461 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
462 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
463 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
464 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
465 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
466 |
case EOCSPCheck: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
467 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
468 |
iState = EChecksDone; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
469 |
ProcessOcspOutcomesL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
470 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
471 |
TRequestStatus* status = &iStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
472 |
User::RequestComplete(status, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
473 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
474 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
475 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
476 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
477 |
case EChecksDone: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
478 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
479 |
// If the validation is done by certs passed by third party(API user) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
480 |
// instead of cert-store then even on successful validation |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
481 |
// the result of validation is ESignatureSelfSigned. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
482 |
// But if iUntrustedRoots count is not zero then the result is |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
483 |
// really ESignatureSelfSigned. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
484 |
if (NULL != iRootCerts && iHasValidated) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
485 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
486 |
*iResult = EValidationSucceeded; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
487 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
488 |
// Complete the client and be happy |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
489 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
490 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
491 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
492 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
493 |
default: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
494 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
495 |
User::Panic(KSecurityManagerName, 1); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
496 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
497 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
498 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
499 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
500 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
501 |
void CSecurityManager::ProcessOcspOutcomesL() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
502 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
503 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
504 |
// Identify the worst outcome overall, and the worst in each chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
505 |
// The OCSP outcomes are in the same order as the valid chains and |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
506 |
// certificates within them, with the number of outcomes per chain |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
507 |
// one fewer than the number of certs in the chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
508 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
509 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
510 |
TInt numOutcomes=iRevocationHandler->TransactionCount(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
511 |
TInt currentChain = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
512 |
TInt chainErrorLevel = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
513 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
514 |
// Since the number of outcomes is 1 fewer than the number of certs in the |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
515 |
// PkixChain, the index for the last outcome of the first chain will be |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
516 |
// 2 lower than the number of certs in the chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
517 |
TInt chainLastOutcomeIndex = iValidPkixChains[0]->Count() - 2; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
518 |
TInt chainWorstOutcome = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
519 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
520 |
// This variable is used to record the most serious error condition. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
521 |
TInt errorLevel = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
522 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
523 |
DEBUG_PRINTF2(_L8("Security Manager - OCSP check complete. %d OCSP outcomes."), numOutcomes); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
524 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
525 |
for (TInt i=0; i<numOutcomes; i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
526 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
527 |
const TOCSPOutcome& outcome=iRevocationHandler->Outcome(i); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
528 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
529 |
DEBUG_PRINTF4(_L8("Security Manager - OCSP outcome %d; Status: %d, Result: %d."), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
530 |
i, outcome.iStatus, outcome.iResult); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
531 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
532 |
if (outcome.iResult == OCSP::ERevoked) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
533 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
534 |
// If any certificate is revoked then installation must be aborted |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
535 |
// but we still want to identify the worst case for each chain for |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
536 |
// the purposes of the error dialog. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
537 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
538 |
*iRevocationMessage = ECertificateStatusIsRevoked; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
539 |
errorLevel = 6; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
540 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
541 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
542 |
// Skip the rest of the outcomes for this chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
543 |
i = chainLastOutcomeIndex; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
544 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
545 |
else if (outcome.iResult != OCSP::EGood) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
546 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
547 |
switch (outcome.iStatus) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
548 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
549 |
// permanent errors, no user interaction is required |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
550 |
case OCSP::ENoServerSpecified: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
551 |
case OCSP::EClientInternalError: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
552 |
case OCSP::EMalformedRequest: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
553 |
case OCSP::EUnknownResponseType: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
554 |
case OCSP::EClientUnauthorised: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
555 |
case OCSP::EUnknownCriticalExtension: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
556 |
case OCSP::EMissingCertificates: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
557 |
case OCSP::ESignatureRequired: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
558 |
case OCSP::EThisUpdateTooLate: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
559 |
case OCSP::EThisUpdateTooEarly: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
560 |
case OCSP::ENextUpdateTooEarly: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
561 |
case OCSP::ECertificateNotValidAtValidationTime: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
562 |
case OCSP::ENonceMismatch: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
563 |
if (errorLevel < 5) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
564 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
565 |
errorLevel = 5; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
566 |
*iRevocationMessage = EInvalidCertificateStatusInformation; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
567 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
568 |
if (chainErrorLevel < 5) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
569 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
570 |
chainErrorLevel = 5; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
571 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
572 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
573 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
574 |
case OCSP::EResponseSignatureValidationFailure: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
575 |
if (errorLevel < 4) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
576 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
577 |
errorLevel = 4; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
578 |
*iRevocationMessage = EResponseSignatureValidationFailure; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
579 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
580 |
if (chainErrorLevel < 4) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
581 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
582 |
chainErrorLevel = 4; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
583 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
584 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
585 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
586 |
// permanent errors, ask the user |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
587 |
case OCSP::EValid: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
588 |
if (errorLevel < 3) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
589 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
590 |
errorLevel = 3; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
591 |
*iRevocationMessage = ECertificateStatusIsUnknown; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
592 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
593 |
if (chainErrorLevel < 3) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
594 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
595 |
chainErrorLevel = 3; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
596 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
597 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
598 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
599 |
// transient errors - user can retry |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
600 |
case OCSP::EInvalidURI: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
601 |
if (errorLevel < 2) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
602 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
603 |
errorLevel = 2; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
604 |
*iRevocationMessage = EInvalidRevocationServerUrl; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
605 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
606 |
if (chainErrorLevel < 2) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
607 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
608 |
chainErrorLevel = 2; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
609 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
610 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
611 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
612 |
case OCSP::ETryLater: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
613 |
case OCSP::ETransportError: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
614 |
case OCSP::EServerInternalError: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
615 |
case OCSP::EMissingNonce: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
616 |
if (errorLevel < 1) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
617 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
618 |
errorLevel = 1; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
619 |
*iRevocationMessage = EUnableToObtainCertificateStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
620 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
621 |
if (chainErrorLevel < 1) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
622 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
623 |
chainErrorLevel = 1; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
624 |
chainWorstOutcome = i; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
625 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
626 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
627 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
628 |
default: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
629 |
// All possible OCSP responses should be checked |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
630 |
__ASSERT_ALWAYS(EFalse, User::Leave(KErrArgument)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
631 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
632 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
633 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
634 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
635 |
// If this is the end of the chain, store the worst outcome for the |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
636 |
// chain in the output outcome array. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
637 |
if (i == chainLastOutcomeIndex) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
638 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
639 |
TOCSPOutcome* chainOutcome=new(ELeave) TOCSPOutcome(iRevocationHandler->Outcome(chainWorstOutcome)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
640 |
CleanupStack::PushL(chainOutcome); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
641 |
iOcspOutcomeOut->AppendL(chainOutcome); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
642 |
CleanupStack::Pop(chainOutcome); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
643 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
644 |
// If there are more chains to consider, get set to identify the |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
645 |
// worst outcome in the next chain. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
646 |
if (++currentChain < iValidPkixChains.Count()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
647 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
648 |
chainErrorLevel = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
649 |
chainWorstOutcome = i + 1; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
650 |
chainLastOutcomeIndex += iValidPkixChains[currentChain]->Count() - 1; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
651 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
652 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
653 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
654 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
655 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
656 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
657 |
void CSecurityManager::DoCancel() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
658 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
659 |
DEBUG_PRINTF2(_L8("Security Manager - Cancelling in state %d."), iState); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
660 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
661 |
switch (iState) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
662 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
663 |
case ERetrievedTrustedRoots: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
664 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
665 |
iCertificateRetriever->Cancel(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
666 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
667 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
668 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
669 |
case EValidatingChain: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
670 |
case ERevalidatingChain: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
671 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
672 |
iChainValidator->Cancel(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
673 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
674 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
675 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
676 |
case EOCSPCheck: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
677 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
678 |
iRevocationHandler->Cancel(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
679 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
680 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
681 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
682 |
case EChecksDone: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
683 |
default: |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
684 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
685 |
// Do nothing |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
686 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
687 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
688 |
if(iClientStatus) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
689 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
690 |
User::RequestComplete(iClientStatus,KErrCancel); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
691 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
692 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
693 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
694 |
TInt CSecurityManager::RunError(TInt aError) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
695 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
696 |
DEBUG_PRINTF2(_L8("Security Manager - RunError(). Error code %d."), aError); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
697 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
698 |
User::RequestComplete(iClientStatus, aError); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
699 |
return KErrNone; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
700 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
701 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
702 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
703 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
704 |
// Business methods |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
705 |
// |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
706 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
707 |
EXPORT_C void CSecurityManager::PerformOcspL(const TDesC8& aOcspUri, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
708 |
TUint32& aIap, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
709 |
TRevocationDialogMessage* aRevocationMessageOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
710 |
RPointerArray<TOCSPOutcome>& aOcspOutcomeOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
711 |
RPointerArray<CX509Certificate>& aCertOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
712 |
TRequestStatus& aStatus) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
713 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
714 |
Cancel(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
715 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
716 |
DEBUG_PRINTF2(_L8("Security Manager - Performing OCSP with revocation server at %S."), |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
717 |
&aOcspUri); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
718 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
719 |
// Reset and re-populate certificate list to contain only end certificates |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
720 |
// from valid chains, so that the end cert list can be correlated with the |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
721 |
// list of outcomes. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
722 |
aCertOut.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
723 |
TInt numChains = iValidPkixChains.Count(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
724 |
for (TInt index = 0; index < numChains; index++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
725 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
726 |
CX509Certificate* certOut = CX509Certificate::NewLC(iValidPkixChains[index]->Cert(0)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
727 |
aCertOut.AppendL(certOut); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
728 |
CleanupStack::Pop(certOut); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
729 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
730 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
731 |
DEBUG_PRINTF2(_L8("Security Manager - Validating %d certificate chains for this controller."), numChains); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
732 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
733 |
iClientStatus = &aStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
734 |
*iClientStatus = KRequestPending; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
735 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
736 |
iOcspOutcomeOut = &aOcspOutcomeOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
737 |
iRevocationMessage = aRevocationMessageOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
738 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
739 |
// Make sure to delete earlier object |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
740 |
if (iRevocationHandler) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
741 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
742 |
delete iRevocationHandler; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
743 |
iRevocationHandler = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
744 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
745 |
iRevocationHandler = CRevocationHandler::NewL(*iCertStore); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
746 |
iRevocationHandler->SetDefaultURIL(aOcspUri); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
747 |
iState = EOCSPCheck; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
748 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
749 |
iRevocationHandler->SendRequestL(iValidPkixChains, aIap, iStatus); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
750 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
751 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
752 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
753 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
754 |
EXPORT_C void CSecurityManager::VerifyControllerL( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
755 |
TDesC8& aRawController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
756 |
const Sis::CController& aController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
757 |
TSignatureValidationResult* aResultOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
758 |
RPointerArray<CPKIXValidationResultBase>& aPkixResultsOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
759 |
RPointerArray<CX509Certificate>& aCertsOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
760 |
TCapabilitySet* aCapabilitySetOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
761 |
TBool& aAllowUnsigned, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
762 |
TBool& aIsEmbeddedController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
763 |
TRequestStatus& aStatus, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
764 |
TBool aCheckDateAndTime) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
765 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
766 |
DEBUG_PRINTF(_L8("Security Manager - Validating Controller")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
767 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
768 |
iResult = aResultOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
769 |
iChains = aController.SignatureCertificateChains(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
770 |
iController = &aController; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
771 |
iEndCertificatesOut = &aCertsOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
772 |
iValidationResultsOut = &aPkixResultsOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
773 |
iTotalCapabilitiesOut = aCapabilitySetOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
774 |
iIsEmbeddedController = aIsEmbeddedController; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
775 |
iCheckDateAndTime = aCheckDateAndTime; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
776 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
777 |
// Initialy assume that the chain is not validated |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
778 |
iHasValidated = EFalse; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
779 |
iHasValidatedTrusted = EFalse; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
780 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
781 |
*iResult = ESignatureNotPresent; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
782 |
aAllowUnsigned=iSecPolicy->AllowUnsigned(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
783 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
784 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
785 |
iClientStatus = &aStatus; // Store caller's request status |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
786 |
*iClientStatus = KRequestPending; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
787 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
788 |
if (iChains.Count() == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
789 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
790 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
791 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
792 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
793 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
794 |
iRawController.Set(aRawController); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
795 |
iCurrentChain = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
796 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
797 |
// First retrieve all CA certificates |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
798 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
799 |
delete iCertificateRetriever; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
800 |
iCertificateRetriever = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
801 |
iCertificateRetriever = CCertificateRetriever::NewL(*iCertStore); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
802 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
803 |
delete iChainValidator; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
804 |
iChainValidator = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
805 |
iChainValidator = CChainValidator::NewL(*iCertStore, *iSecPolicy); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
806 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
807 |
iState = ERetrievedTrustedRoots; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
808 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
809 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
810 |
// No need to fetch certificates from the certstore if the root certs |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
811 |
// are already provided by the caller. or |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
812 |
// The root Certificates already fetched from certstore in case of embedded packages |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
813 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
814 |
if(NULL == iRootCerts && iTrustedRoots.Count() == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
815 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
816 |
iCertificateRetriever->RetrieveCACertificates( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
817 |
iTrustedRoots, iStatus); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
818 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
819 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
820 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
821 |
TRequestStatus* tempStatus = &iStatus; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
822 |
User::RequestComplete(tempStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
823 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
824 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
825 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
826 |
EXPORT_C void CSecurityManager::ReverifyControllerL( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
827 |
TDesC8& aRawController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
828 |
const Sis::CController& aController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
829 |
const RArray<TInt>& aChainListIndices, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
830 |
TSignatureValidationResult* aResultOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
831 |
RPointerArray<CPKIXValidationResultBase>& aPkixResultsOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
832 |
RPointerArray<CX509Certificate>& aCertsOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
833 |
TCapabilitySet* aCapabilitySetOut, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
834 |
TBool& aAllowUnsigned, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
835 |
TRequestStatus& aStatus) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
836 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
837 |
DEBUG_PRINTF(_L8("Security Manager - Re-Verifying Controller")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
838 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
839 |
iResult = aResultOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
840 |
iChains = aController.SignatureCertificateChains(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
841 |
iController = &aController; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
842 |
iChainListIndices = &aChainListIndices; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
843 |
iEndCertificatesOut = &aCertsOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
844 |
iValidationResultsOut = &aPkixResultsOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
845 |
iTotalCapabilitiesOut = aCapabilitySetOut; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
846 |
iIsEmbeddedController = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
847 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
848 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
849 |
*iResult = ESignatureNotPresent; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
850 |
aAllowUnsigned = iSecPolicy->AllowUnsigned(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
851 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
852 |
iClientStatus = &aStatus; // Store caller's request status |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
853 |
*iClientStatus = KRequestPending; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
854 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
855 |
if (iChains.Count() == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
856 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
857 |
// This is an unsigned SISX file |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
858 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
859 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
860 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
861 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
862 |
iRawController.Set(aRawController); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
863 |
iCurrentChain = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
864 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
865 |
delete iCertificateRetriever; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
866 |
iCertificateRetriever = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
867 |
iCertificateRetriever = CCertificateRetriever::NewL(*iCertStore); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
868 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
869 |
delete iChainValidator; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
870 |
iChainValidator = NULL; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
871 |
iChainValidator = CChainValidator::NewL(*iCertStore, *iSecPolicy); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
872 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
873 |
// We may have an unsigned sis file in which case we do not want to verify the block |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
874 |
// since there isn't one, so bail here with the correct error |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
875 |
if (iChains.Count() == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
876 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
877 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
878 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
879 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
880 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
881 |
TInt currentChain = (*iChainListIndices)[iCurrentChain]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
882 |
VerifyBlockL(currentChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
883 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
884 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
885 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
886 |
TInt CSecurityManager::SignedSize(TInt iChainsToAdd) const |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
887 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
888 |
TInt64 size = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
889 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
890 |
const Sis::CInfo& info = iController->Info(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
891 |
size += info.Length() + info.HeaderSize() + info.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
892 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
893 |
const Sis::CSupportedOptions& options = iController->SupportedOptions(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
894 |
size += options.Length() + options.HeaderSize() + options.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
895 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
896 |
const Sis::CSupportedLanguages& languages = iController->SupportedLanguages(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
897 |
size += languages.Length() + languages.HeaderSize() + languages.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
898 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
899 |
const Sis::CPrerequisites& prerequisites = iController->Prerequisites(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
900 |
size += prerequisites.Length() + prerequisites.HeaderSize() + prerequisites.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
901 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
902 |
const Sis::CProperties& props = iController->Properties(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
903 |
size += props.Length() + props.HeaderSize() + props.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
904 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
905 |
const Sis::CLogo* logo = iController->Logo(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
906 |
if (logo != NULL) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
907 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
908 |
size += logo->Length() + logo->HeaderSize() + logo->PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
909 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
910 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
911 |
const Sis::CInstallBlock& installblock = iController->InstallBlock(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
912 |
size += installblock.Length() + installblock.HeaderSize() + installblock.PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
913 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
914 |
for (TInt k = 0; k < iChainsToAdd; k++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
915 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
916 |
size += iChains[k]->Length() + iChains[k]->HeaderSize() + iChains[k]->PaddingSize(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
917 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
918 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
919 |
return I64INT(size); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
920 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
921 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
922 |
void CSecurityManager::VerifyBlockL(TInt aChainIndex) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
923 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
924 |
DEBUG_PRINTF2(_L8("Security Manager - Validating certificate chain %d."), aChainIndex); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
925 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
926 |
Sis::CSignatureCertificateChain& chain = *iChains[aChainIndex]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
927 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
928 |
// First verify the signature |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
929 |
const RPointerArray<Sis::CSignature> signatures = chain.Signatures(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
930 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
931 |
// Determine the size of the controller data which was signed |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
932 |
TInt size = SignedSize(aChainIndex); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
933 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
934 |
const Sis::CCertificateChain& certChain = chain.CertificateChain(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
935 |
const TPtrC8 data = certChain.Data(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
936 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
937 |
TInt pos = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
938 |
TInt end = data.Length(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
939 |
iUntrustedRoots.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
940 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
941 |
// Find all the self-signed certificates in the chain as possible root candidates |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
942 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
943 |
while (pos < end) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
944 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
945 |
CX509Certificate* decoded = CX509Certificate::NewLC(data, pos); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
946 |
if (decoded->IsSelfSignedL()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
947 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
948 |
// If the root isn't in the trusted list, append it to the untrusted roots |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
949 |
TBool found = EFalse; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
950 |
if(NULL == iRootCerts) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
951 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
952 |
for (TInt i = 0; i < iTrustedRoots.Count(); i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
953 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
954 |
CCTCertInfo* root = iTrustedRoots[i]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
955 |
if (root->SubjectKeyId() == decoded->KeyIdentifierL()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
956 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
957 |
found = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
958 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
959 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
960 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
961 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
962 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
963 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
964 |
for (TInt i = iRootCerts->Count() - 1; i >= 0; --i) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
965 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
966 |
CX509Certificate* root = (*iRootCerts)[i]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
967 |
if (root->KeyIdentifierL() == decoded->KeyIdentifierL()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
968 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
969 |
found = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
970 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
971 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
972 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
973 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
974 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
975 |
if (!found) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
976 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
977 |
iUntrustedRoots.AppendL(decoded); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
978 |
CleanupStack::Pop(decoded); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
979 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
980 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
981 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
982 |
CleanupStack::PopAndDestroy(decoded); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
983 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
984 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
985 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
986 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
987 |
CleanupStack::PopAndDestroy(decoded); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
988 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
989 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
990 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
991 |
DEBUG_PRINTF2(_L8("Security Manager - Found %d non-trusted candidate root certificates"), iUntrustedRoots.Count()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
992 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
993 |
// If we have self signed roots, don't look in the certstore for a further root |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
994 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
995 |
TBool hasUntrustedRoot = (iUntrustedRoots.Count() > 0); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
996 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
997 |
if (NULL != iRootCerts) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
998 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
999 |
DEBUG_PRINTF(_L8("Security Manager - Validating chain using user provided roots")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1000 |
iCurrentPkixChain = CPKIXCertChainBase::NewL(*iCertStore, data, *iRootCerts); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1001 |
hasUntrustedRoot = ETrue; // These root certs are considered untrusted. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1002 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1003 |
else if(hasUntrustedRoot) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1004 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1005 |
DEBUG_PRINTF(_L8("Security Manager - Validating chain using untrusted roots")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1006 |
iCurrentPkixChain = CPKIXCertChainBase::NewL(*iCertStore, data, iUntrustedRoots); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1007 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1008 |
else |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1009 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1010 |
DEBUG_PRINTF(_L8("Security Manager - Validating chain using trusted roots from store")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1011 |
iCurrentPkixChain = CPKIXCertChainBase::NewL(*iCertStore, data, KSwiApplicabilityUid); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1012 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1013 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1014 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1015 |
DEBUG_PRINTF2(_L8("Security Manager - Certificate chain contains %d certificates."), iCurrentPkixChain->Count()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1016 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1017 |
const CX509Certificate& clientCert = iCurrentPkixChain->Cert(0); // This is the ee certificate |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1018 |
CX509Certificate* endCertOut = CX509Certificate::NewLC(clientCert); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1019 |
iEndCertificatesOut->AppendL(endCertOut); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1020 |
CleanupStack::Pop(endCertOut); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1021 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1022 |
DEBUG_CODE_SECTION(HBufC* issuer = clientCert.IssuerL(); DEBUG_PRINTF2(_L("Security Manager - End Entity Certificate Issuer: '%S'."), issuer); delete issuer;); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1023 |
DEBUG_CODE_SECTION(HBufC* subject = clientCert.SubjectL(); DEBUG_PRINTF2(_L("Security Manager - End Entity Certificate Subject: '%S'."), subject); delete subject;); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1024 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1025 |
const CSubjectPublicKeyInfo& publicKey= clientCert.PublicKey(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1026 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1027 |
DEBUG_PRINTF2(_L8("Security Manager - SIS file signed %d times with this certificate."), signatures.Count()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1028 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1029 |
CSignatureVerifier* verifier = CSignatureVerifier::NewLC(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1030 |
TBool result = EFalse; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1031 |
for (TInt k = 0; k < signatures.Count(); k++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1032 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1033 |
const TDesC& algorithmOID = signatures[k]->Algorithm().AlgorithmIdentifier().Data(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1034 |
TRAP_IGNORE(result = verifier->VerifySignatureL(algorithmOID, publicKey, iRawController.Mid((iIsEmbeddedController ? 4 : iController->HeaderSize()), size), signatures[k]->Data())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1035 |
if (result) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1036 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1037 |
// We have a verify any policy on signatures (inside a given SISSignatureCertificateChain) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1038 |
// Cf. SGL.GT0188.251 Section 4.3 |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1039 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1040 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1041 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1042 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1043 |
CleanupStack::PopAndDestroy(verifier); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1044 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1045 |
if (!result) // Signature not verified: something is WRONG. Abort. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1046 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1047 |
DEBUG_PRINTF(_L8("Security Manager - No signature validated.")); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1048 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1049 |
*iResult = ESignatureCouldNotBeValidated; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1050 |
User::RequestComplete(iClientStatus, KErrNone); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1051 |
return; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1052 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1053 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1054 |
// The signature is good, validate the certificate chain |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1055 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1056 |
CPKIXValidationResultBase* validationResult = CPKIXValidationResultBase::NewLC(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1057 |
iValidationResultsOut->Append(validationResult); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1058 |
CleanupStack::Pop(validationResult); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1059 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1060 |
iState = EValidatingChain; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1061 |
iCurrentPkixChain->SetValidityPeriodCheckFatal(iCheckDateAndTime); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1062 |
iChainValidator->ValidateChainL(*iCurrentPkixChain, *iResult, *validationResult, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1063 |
iCurrentCapabilities, hasUntrustedRoot, iStatus); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1064 |
SetActive(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1065 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1066 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1067 |
EXPORT_C HBufC8* CSecurityManager::CalculateHashLC(MSisDataProvider& aDataProvider, CMessageDigest::THashId aAlgorithm) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1068 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1069 |
CMessageDigest* digest = CMessageDigestFactory::NewDigestLC(aAlgorithm); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1070 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1071 |
HBufC8* aBuffer = HBufC8::NewMaxLC(KFileBufferSize); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1072 |
TPtr8 aBufferPtr(aBuffer->Des()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1073 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1074 |
User::LeaveIfError(aDataProvider.Read(aBufferPtr)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1075 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1076 |
while (aBuffer->Length() != 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1077 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1078 |
digest->Update(*aBuffer); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1079 |
User::LeaveIfError(aDataProvider.Read(aBufferPtr)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1080 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1081 |
TPtrC8 hash = digest->Final(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1082 |
HBufC8* hashBuffer = hash.AllocL(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1083 |
CleanupStack::PopAndDestroy(2, digest); // aBuffer, digest |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1084 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1085 |
CleanupStack::PushL(hashBuffer); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1086 |
return hashBuffer; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1087 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1088 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1089 |
EXPORT_C TBool CSecurityManager::VerifyFileHashL(MSisDataProvider& aDataProvider, const CHashContainer& aDigest) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1090 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1091 |
HBufC8* hashBuffer = CalculateHashLC(aDataProvider, aDigest.Algorithm()); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1092 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1093 |
TBool result = EFalse; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1094 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1095 |
TPtrC8 hash = hashBuffer->Des(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1096 |
if (hash.Compare(aDigest.Data()) == 0) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1097 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1098 |
result = ETrue; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1099 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1100 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1101 |
CleanupStack::PopAndDestroy(hashBuffer); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1102 |
return result; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1103 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1104 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1105 |
void CSecurityManager::UpdateListOfMissingRequiredCertsL(const CCertificate& aCertificate) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1106 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1107 |
// Find aCertificate in iTrustedRoots and marked as nonmandatory for temporary! |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1108 |
TInt count = iTrustedRoots.Count(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1109 |
for (TInt k = 0; k < count; k++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1110 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1111 |
CCTCertInfo* certInfo = iTrustedRoots[k]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1112 |
if (iCertMetaInfo[k].iIsMandatory && !certInfo->SubjectKeyId().Compare(aCertificate.KeyIdentifierL())) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1113 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1114 |
DEBUG_PRINTF2(_L("Security Manager - Mandatory certificate '%S' satisfied."), &(certInfo->Label())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1115 |
// set the Mandatory is false so that next time this certificate won't be compared |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1116 |
iCertMetaInfo[k].iIsMandatory = 0; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1117 |
iMandatoryCertDNCount--; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1118 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1119 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1120 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1121 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1122 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1123 |
void CSecurityManager::UpdateSystemUpgradeCertStatusL(const CCertificate& aCertificate) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1124 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1125 |
// Find aCertificate in iTrustedRoots and update the system upgrade trust status |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1126 |
TInt count = iTrustedRoots.Count(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1127 |
for (TInt k = 0; k < count; k++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1128 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1129 |
CCTCertInfo* certInfo = iTrustedRoots[k]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1130 |
if (iCertMetaInfo[k].iIsSystemUpgrade && certInfo->SubjectKeyId() == aCertificate.KeyIdentifierL()) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1131 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1132 |
DEBUG_PRINTF2(_L("Security Manager - System upgrade certificate '%S' satisfied."), &(certInfo->Label())); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1133 |
// create a modifyable reference to the current controller |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1134 |
Sis::CController& controller = const_cast <Sis::CController&>(*iController); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1135 |
// set the SuCert validation status |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1136 |
controller.SetSignedBySuCert(ETrue); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1137 |
break; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1138 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1139 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1140 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1141 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1142 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1143 |
EXPORT_C void CSecurityManager::GetCertificatesFromControllerL( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1144 |
const Sis::CController& aController, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1145 |
RPointerArray<CX509Certificate>& aCerts) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1146 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1147 |
// Go through all SIS chains and extract end certificates from them. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1148 |
const RPointerArray<Sis::CSignatureCertificateChain>& chains= |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1149 |
aController.SignatureCertificateChains(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1150 |
for (TInt i=0; i<chains.Count(); i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1151 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1152 |
Sis::CSignatureCertificateChain& sigCertChain=*chains[i]; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1153 |
const Sis::CCertificateChain& certChain= |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1154 |
sigCertChain.CertificateChain(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1155 |
// Construct PKIX cert chain from raw data in the controller. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1156 |
CPKIXCertChainBase* pkixChain=CPKIXCertChainBase::NewLC(*iCertStore, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1157 |
certChain.Data(), KSwiApplicabilityUid); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1158 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1159 |
// Extract end entity certificate and store it in the member array. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1160 |
const CX509Certificate& endCert=pkixChain->Cert(0); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1161 |
CX509Certificate* endCertCopy=CX509Certificate::NewLC(endCert); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1162 |
User::LeaveIfError(aCerts.Append(endCertCopy)); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1163 |
CleanupStack::Pop(endCertCopy); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1164 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1165 |
// Cleanup. |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1166 |
CleanupStack::PopAndDestroy(pkixChain); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1167 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1168 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1169 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1170 |
EXPORT_C void CSecurityManager::FillCertInfoArrayL( |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1171 |
const RPointerArray<CX509Certificate>& aCertificates, |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1172 |
RPointerArray<CCertificateInfo>& aCertInfos) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1173 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1174 |
for (TInt i=0; i<aCertificates.Count(); i++) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1175 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1176 |
CCertificateInfo* certInfo=CCertificateInfo::NewLC(*aCertificates[i]); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1177 |
aCertInfos.AppendL(certInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1178 |
CleanupStack::Pop(certInfo); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1179 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1180 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1181 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1182 |
EXPORT_C const RPointerArray<HBufC>& CSecurityManager::DeviceIDsInfo() const |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1183 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1184 |
return iDeviceIDs; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1185 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1186 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1187 |
EXPORT_C void CSecurityManager::ResetValidCertChains() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1188 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1189 |
iValidPkixChains.ResetAndDestroy(); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1190 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1191 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1192 |
EXPORT_C void CSecurityManager::SetDevCertWarningState(TInt aDevCertWarningState) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1193 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1194 |
iDevCertWarningState=static_cast<TDevCertWarningState>(aDevCertWarningState); |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1195 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1196 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1197 |
EXPORT_C TInt CSecurityManager::GetDevCertWarningState() |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1198 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1199 |
return iDevCertWarningState; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1200 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1201 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1202 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1203 |
EXPORT_C void CSecurityManager::SetRootCerts(RPointerArray<CX509Certificate>* aX509CertArray) |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1204 |
{ |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1205 |
iRootCerts = aX509CertArray; |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1206 |
} |
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1207 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1208 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1209 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1210 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1211 |
|
ba25891c3a9e
Revision: 200949
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1212 |