--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/omadrm/drmengine/server/inc/DRMDbSession.h Thu Dec 17 08:52:27 2009 +0200
@@ -0,0 +1,696 @@
+/*
+* Copyright (c) 2003-2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: This class declares the interface of class CDRMDbSession.
+*
+*/
+
+
+#ifndef CDRMDBSESSION_H
+#define CDRMDBSESSION_H
+
+// INCLUDES
+#include <e32base.h>
+#include <caf/caf.h>
+#include "DRMTypes.h"
+#include "DRMConstraint.h"
+#include "DRMEngineClientServer.h"
+#include "drmcommonclientserver.h"
+#include "drmenginetypedefs.h"
+#include "roapstorageclient.h"
+
+// CONSTANTS
+// MACROS
+// FUNCTION PROTOTYPES
+// FORWARD DECLARATIONS
+class CDRMParentStorage;
+
+class CDRMConsume;
+class CDRMPermission;
+class CDRMNotifier;
+class CDRMObsoleteFinder;
+
+// DATA TYPES
+// CLASS DECLARATION
+
+/**
+* Server side instance of DRM Rights Database session.
+* This class is the server side instance of C/S communications of a certain
+* session.
+*
+* @lib RightsServer.exe
+* @since S60Rel2.5
+*/
+NONSHARABLE_CLASS( CDRMDbSession ) : public CSession2
+ {
+public: // Constructors and destructor
+
+ /**
+ * Two-phased constructor.
+ * @since S60Rel2.6
+ * @return New session instance.
+ */
+ static CDRMDbSession* NewL();
+
+ /**
+ * Destructor.
+ * @since S60Rel2.5
+ */
+ virtual ~CDRMDbSession();
+
+public: // Functions from base classes
+
+ /**
+ * From CSession2: Handles the service request event.
+ * @since S60Rel2.6
+ * @param aMessage The message related to the event.
+ * @exception Method leaves with appropriate exception value
+ * if any errors occured.
+ */
+ void ServiceL( const RMessage2& aMessage );
+
+ /**
+ * From CSession2: Handles the errors from ServiceL if encountered.
+ * @since S60Rel3.0
+ * @param aMessage The message related to the event.
+ * @param aError Error code.
+ */
+ virtual void ServiceError( const RMessage2& aMessage,
+ TInt aError );
+
+public: // New functions
+
+ void AsyncOperationDone();
+
+ void AsyncOperationDone( TFileName* aFileName );
+
+ /**
+ * This method tries to find a suitable rights object
+ * from the given list which allows the specified intent.
+ * @since S60Rel3.0
+ * @param aIntent Intent.
+ * @param aRights List of rights objects.
+ * @param aParent Out-parameter: related parent permission. The caller
+ * owns the parent.
+ * @param aUpdate Out-parameter: whether to update the rights object
+ * (if one is found).
+ * @return Symbian error or CAF error. KErrNone if everything goes
+ * properly
+ */
+ TInt FindRightsObject( const ContentAccess::TIntent aIntent,
+ const TDesC8& aURI,
+ CDRMPermission*& aChild,
+ HBufC8*& aUsedURI,
+ TUint32& aReason );
+
+ /**
+ * Check whether the identified permission allows the caller to get
+ * decrypted data. Enforces e.g. capability checking
+ *
+ * @param aContentId Content ID of the content, can be NULL
+ * @param aPermission Permission which grants access, can be NULL
+ * @param aIntent Consumption intent
+ * @return KErrAccessDenied if the caller does not have sufficient
+ * credentials, KErrNone if access is granted, or other
+ * Symbian errors
+ */
+ TInt VerifyCredentials( HBufC8* aContentId,
+ CDRMPermission* aPermission,
+ TIntent aIntent );
+
+ /**
+ * Return the SID of the client
+ * @return SID of the client
+ */
+ TUid GetClientSid();
+
+ /**
+ * Return the VID of the client
+ * @return VID of the client
+ */
+ TUid GetClientVid();
+
+ /**
+ * Return if the client has sufficient DRM capability
+ * @return ETrue if the capability is available, EFalse otherwise
+ */
+ TBool ClientHasCapability();
+
+ /**
+ * This method returns handle to the Roap storage client.
+ *
+ * @since S60 3.2
+ * @return Handle to the Roap storage client
+ */
+ Roap::RRoapStorageClient& RoapClient();
+
+ /**
+ * This method connects the roap client, does nothing if it's already connected
+ *
+ * @since S60 3.2
+ * @return Handle to the Roap storage client
+ */
+ TInt ConnectRoapClient();
+
+protected: // New functions
+
+protected: // Functions from base classes
+
+private:
+
+ enum TProtectionType
+ {
+ ENoProtection,
+ EPublicKey,
+ EDomainKey,
+ };
+
+ enum TCredentialsCheckType
+ {
+ ENotChecked,
+ ECheckedAndAllowed,
+ ECheckedAndDenied,
+ };
+
+ /**
+ * C++ constructor.
+ * @since S60Rel2.6
+ */
+ CDRMDbSession();
+
+ /**
+ * Second phase constructor.
+ * @since S60Rel2.6
+ */
+ void ConstructL();
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void AddRecordL( const RMessage2& aMessage,
+ TProtectionType aProtection );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void GetRecordL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void GetEntryListL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void DeleteL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void DeleteRecordL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void ExportCIDsL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void GetKeyL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void CheckRightsL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since S60Rel2.5
+ * @param aMessage The message associated to the event.
+ */
+ void CountL( const RMessage2& aMessage );
+
+ /**
+ * Implementation of DeleteAll() command.
+ * @since 2.5
+ * @param aMessage The message associated to the event.
+ */
+ void DeleteAllL( const RMessage2& aMessage );
+
+ /**
+ * Implementation of ConsumeL() command.
+ * @since 2.5
+ * @param aMessage The message associated to the event.
+ */
+ void ConsumeL( const RMessage2& aMessage );
+
+ /**
+ * Check if Consume is possible
+ * @since 3.0
+ * @param aMessage The message associated to the event.
+ */
+ void CheckConsumeL( const RMessage2& aMessage );
+
+ /**
+ * Calculate the padding using a given data block
+ * @since 2.5
+ * @param aMessage The message associated to the event.
+ */
+ void CalculatePaddingL( const RMessage2& aMessage );
+
+ /**
+ * Give secure time & trust level to the client.
+ * @since 2.6
+ * @params aMessage The message associated to the event.
+ */
+ void SecureTimeL( const RMessage2& aMessage );
+
+ /**
+ * Encrypt data using the session key
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void EncryptL( const RMessage2& aMessage );
+
+ /**
+ * Decrypt data using the session key
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void DecryptL( const RMessage2& aMessage );
+
+ /**
+ * Initialize the session key
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void InitializeKeyL( const RMessage2& aMessage );
+
+ /**
+ * Initialize the session key from a group key
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void InitializeGroupKeyL( const RMessage2& aMessage );
+
+ /**
+ * Return the prepared data to the client.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void GetPreparedDataL( const RMessage2& aMessage );
+
+ /**
+ * Return the prepared data to the client.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void AddDomainROL( const RMessage2& aMessage );
+
+ /**
+ * Return the prepared data to the client.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void GetDomainROL( const RMessage2& aMessage );
+
+ /**
+ * Return the prepared data to the client.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void DeleteDomainROL( const RMessage2& aMessage );
+
+ /**
+ * Return the domain RO for a given content ID.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void GetDomainRosForCidL( const RMessage2& aMessage );
+
+ /**
+ * Check whether the RO is in Replay Cache.
+ * @since 3.0
+ * @pareams aMessage The message associated to the event.
+ */
+ void IsInCacheL( const RMessage2& aMessage );
+
+ /**
+ * Add the RO entry to Replay Cache.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void AddToCacheL( const RMessage2& aMessage );
+
+ /**
+ * Delete expired permission if we have secure time.
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void DeleteExpiredPermissionsL( const RMessage2& aMessage );
+
+ /**
+ * Sets the estimated arrival for a Content URI
+ * @since 2.6
+ * @params aMessage The message associated to the event.
+ */
+ void SetEstimatedArrivalL( const RMessage2& aMessage );
+
+ /**
+ * Gets the estimated arrival for a Content URI
+ * @since 2.6
+ * @params aMessage The message associated to the event.
+ */
+ void GetEstimatedArrivalL( const RMessage2& aMessage );
+
+ /**
+ * Gets the udt data
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void GetUdtDataL( const RMessage2& aMessage );
+
+ /**
+ * Initiates the UDT
+ * @since 3.0
+ * @params aMessage The message associated to the event.
+ */
+ void InitiateUdtL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since 3.0
+ * @param aMessage The message associated to the event.
+ */
+ void InitExportOrphanedCIDsL( const RMessage2& aMessage );
+
+ /**
+ * Helper function for ServiceL().
+ * @since 3.0
+ * @param aMessage The message associated to the event.
+ */
+ void ExportOrphanedCIDsL( const RMessage2& aMessage );
+
+ /**
+ * Unwrap MAC and REK which are wrapped either with
+ * device public key or domain key
+ * @since 3.1
+ * @param aMessage The message associated to the event.
+ * @param aDomainRo ETrue if a domain key is used for wrapping
+ * EFalse if device public key is used wrapping
+ */
+ void UnwrapMacAndRekL( const RMessage2& aMessage, TBool aDomainRo );
+
+ /**
+ * This methods converts the given list into a permanent file
+ * representation.
+ * @since S60Rel2.5
+ * @param aList List to be converted into a file.
+ * @param aFile Output file name.
+ */
+ void ListToFileL( RPointerArray< CDRMPermission >& aList,
+ TFileName& aFile );
+
+ /**
+ * Tries to locate the best permission candidates from the given list based
+ * on the given usage intent.
+ * @return Index of the best child in aList, >= 0 always. Leaves if no
+ * suitable child is found.
+ */
+ TInt FindBestROsL( RDRMPermissionList& aList,
+ const TDesC8& aURI,
+ const ContentAccess::TIntent aIntent,
+ HBufC8*& aUsedURI,
+ TUint32& aReason );
+
+ /**
+ * Returns ETrue if might be possible to use the permission
+ * as a child permission in the first place.
+ */
+ TBool IsValidPermissionL( CDRMPermission& aPermission,
+ const ContentAccess::TIntent aIntent,
+ const TTime& aTime,
+ TUint32& aReason );
+
+
+ void Normalize( CDRMPermission& aPermission,
+ CDRMConstraint& aNormalized,
+ const ContentAccess::TIntent aIntent );
+
+ TBool BetterPermission( const CDRMConstraint& aNewOne,
+ const CDRMConstraint& aOldOne );
+
+
+ TInt GetBestROL( RDRMPermissionList& aList,
+ const TIntent aIntent,
+ TUint32& aReason );
+
+ /**
+ * This method checks whether the constraint has expired.
+ *
+ * @since S60Rel2.5
+ * @param aConstraint Rights constraint.
+ * @return Truth value.
+ */
+ inline TBool Expired( const CDRMConstraint& aConstraint );
+
+ /**
+ * finds the parent permissions and does not add unusable parents and removes unusable childred
+ *
+ * @param aList List of child permissions
+ * @param aIntent Intent for use
+ * @param aDrmTime Drm time of the device
+ * @param aReason Out-parameter: a bitvector of why some prmissions were disqualified
+ */
+ void FindParentsAndRemoveUnusableL( RDRMPermissionList& aList,
+ const TDesC8& aURI,
+ CDRMPointerArray<HBufC8>& aCids,
+ const TIntent aIntent,
+ const TTime& aDrmTime,
+ TUint32& aReason );
+
+ /**
+ * This method checks whether the constraint is invalid
+ * (count < 1 || interval <= 0 ).
+ *
+ * @since S60Rel2.6
+ * @param aConstraint Rights constraint.
+ * @return Truth value.
+ */
+ inline TBool Invalid( const CDRMConstraint& aConstraint );
+
+ /**
+ * This method updates the trusted time and its trust level from DRM server.
+ * Since S60Rel2.5
+ */
+ inline void UpdateSecureTime();
+
+ /**
+ * Unwrap a CEK which is wrapped with a REK
+ *
+ * @param aProtectedCek Wrapped CEK
+ * @return Unwrapped CEK
+ */
+ HBufC8* UnwrapProtectedCekL( const TDesC8& aProtectedCek );
+
+ /**
+ * Unwrap a CEK which is wrapped with a domain key.
+ *
+ * @param aProtectedCek Wrapped CEK
+ * @param aDomainId ID of the domain key
+ * @return Unwrapped CEK
+ */
+ HBufC8* UnwrapDomainCekL( const TDesC8& aProtectedCek,
+ const TDesC8& aDomainId );
+
+ /**
+ * Set the authentication seed for a content ID
+ *
+ * @param aMessage IPC message
+ */
+ void SetAuthenticationSeedL( const RMessage2& aMessage );
+
+ /**
+ * Return the authentication seed for a content ID
+ *
+ * @param aMessage IPC message
+ */
+ void GetAuthenticationSeedL( const RMessage2& aMessage );
+
+ /**
+ * Integrity protection for protected ROs
+ *
+ * @param aMessage IPC message
+ */
+ void VerifyMacL( const RMessage2& aMessage );
+
+ /**
+ *
+ *
+ * @param aMessage IPC message
+ */
+ void GetSupportedIndividualsL( const RMessage2& aMessage );
+
+ /**
+ * Stop watching the DCF repository server and the rights DB
+ *
+ * @param aMessage IPC message
+ */
+ void StopWatchingL( const RMessage2& aMessage );
+
+ /**
+ * Return the current content ID
+ *
+ * @return content ID
+ */
+ const TDesC8& GetContentId();
+
+ /**
+ * Remove permissions which are currently invalid (e.g. domain context
+ * not available)
+ *
+ * @param aList List of permissions
+ */
+ void RemoveInvalidPermissionsL( CDRMPermissionList* aList );
+
+ void SetNameL( const RMessage2& aMessage );
+
+ void GetNameL( const RMessage2& aMessage );
+
+ void GetWideDataL( const RMessage2& aMessage );
+
+ void Cancel( const RMessage2& aMessage );
+
+ void GetFLUriL( const RMessage2& aMessage );
+
+ void EncodeRightsIssuerL( const RMessage2& aMessage );
+
+ void DecodeRightsIssuerL( const RMessage2& aMessage );
+
+ void GetRandomDataL( const RMessage2& aMessage );
+
+ void GetFlURI( TDes8& aURI );
+
+ void AesEncryptL( const TDesC8& aKey,
+ const TDesC8& aIV,
+ const TBool aAddPadding,
+ TDes8& aData );
+
+ void AesDecryptL( const TDesC8& aKey,
+ const TDesC8& aIV,
+ const TBool aRemovePadding,
+ TDes8& aData );
+
+ void GenerateIVL( TDes8& aData );
+
+ TBool PendingRights(const TDesC8& aCid, TBool aRemoval = ETrue);
+
+ /**
+ * This method tries to find a suitable rights object
+ * from the given list which allows the specified intent.
+ * @since S60Rel3.0
+ * @param aIntent Intent.
+ * @param aURI Content URI
+ * @param aChild Out-parameter: related child permissino. The caller
+ * owns the child.
+ * @param aParent Out-parameter: related parent permission. The caller
+ * owns the parent.
+ * @param aReason A bitvector of reasons for rights object rejection
+ */
+ void FindRightsObjectL( const ContentAccess::TIntent aIntent,
+ const TDesC8& aURI,
+ CDRMPermission*& aChild,
+ HBufC8*& aUsedURI,
+ TUint32& aReason );
+
+ /**
+ * Check if the deletion of the mentioned content id is allowed:
+ */
+ TBool DeleteAllowedL( const TDesC8& aContentId );
+
+ // Prohibit copy constructor.
+ CDRMDbSession( const CDRMDbSession& );
+ // Prohibit assigment operator.
+ CDRMDbSession& operator=( const CDRMDbSession& );
+
+ void GetMeteringDataL( const RMessage2& aMessage );
+
+ void DeleteMeteringDataL( const RMessage2& aMessage );
+
+public: // Data
+
+protected: // Data
+
+private: // Data
+
+ TTime iTrustedTime;
+ TBool iSecureTime;
+ HBufC8* iPreparedData;
+ HBufC* iWidePreparedData;
+ CActive* iPendingRequest;
+ CDRMConsume* iConsume;
+
+ // Decryption key for this session
+ TBuf8< KDRMKeyLength > iCek;
+
+ // Rights encyrption key for this session, used for adding protected keys and
+ // the authentication seed
+ TBuf8< KDRMKeyLength > iRek;
+
+ TBuf8< KDRMKeyLength > iMac;
+
+ // Have the credentials of the caller been checked for this session?
+ TCredentialsCheckType iCredentialsChecked;
+
+ // Filename used for getting obsolete Contents
+ TFileName* iFileName;
+
+ // Client handle
+ RThread iClient;
+
+ // ID of the currently handled content
+ HBufC8* iContentId;
+
+ // Roap client
+ TBool iRoapClientConnected;
+ Roap::RRoapStorageClient iRoapClient;
+
+public: // Friend classes
+protected: // Friend classes
+private: // Friend classes
+ };
+
+#include "DRMDbSession.inl"
+
+
+#endif // CDRMDBSESSION_H
+
+// End of File