|
1 /* |
|
2 * Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * Name : RSIPSecChallengeResolver.h |
|
16 * Part of : SIPSec/DigestPlugin |
|
17 * Version : SIP/6.0 |
|
18 * |
|
19 */ |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 /** |
|
25 @internalComponent |
|
26 */ |
|
27 |
|
28 #ifndef __RSIPSEC_CHALLENGERESOLVER_H__ |
|
29 #define __RSIPSEC_CHALLENGERESOLVER_H__ |
|
30 |
|
31 // INCLUDES |
|
32 #include <e32base.h> |
|
33 #include "CSIPSecDigest.h" |
|
34 #include "sipsecrequestdata.h" |
|
35 |
|
36 // FORWARD DECLARATIONS |
|
37 class MSIPSecUser; |
|
38 class CSIPAuthHeaderBase; |
|
39 class CSIPAuthenticateHeaderBase; |
|
40 class CSIPSecChallenge; |
|
41 class CSIPSecCredentials; |
|
42 class TSIPSecPluginCtxResponse; |
|
43 class RStringF; |
|
44 class CSIPHeaderBase; |
|
45 class CSIPResponse; |
|
46 |
|
47 // RPointerArray doesn't have a destructor, and RSIPSecChallengeResolver |
|
48 // doesn't have either. |
|
49 //lint -e1510 |
|
50 |
|
51 /** |
|
52 * @brief Class represents stack of received challenges |
|
53 * |
|
54 * @class RSIPSecChallengeResolver RSIPSecChallengeResolver.h |
|
55 * "RSIPSecChallengeResolver.h" |
|
56 * |
|
57 * This class extracts challenges from 401/407 response and stores them into a |
|
58 * form of stack. Challenges can then be handled one-by-one. After extraction |
|
59 * cache has been updated because of possible re-challenges. |
|
60 */ |
|
61 class RSIPSecChallengeResolver : public RPointerArray< CSIPSecChallenge > |
|
62 { |
|
63 public: // Constructors and destructor |
|
64 |
|
65 /* |
|
66 * Constructor |
|
67 * @param aContext SIP response context |
|
68 * @param aMechanism the mechanism |
|
69 */ |
|
70 RSIPSecChallengeResolver( TSIPSecPluginCtxResponse& aContext, |
|
71 CSIPSecDigest& aMechanism ); |
|
72 |
|
73 public: // New functions |
|
74 |
|
75 /* |
|
76 * Opens resolver and creates challenges |
|
77 * @param aUser SIPSec user |
|
78 */ |
|
79 void OpenL( const MSIPSecUser& aUser ); |
|
80 |
|
81 /* |
|
82 * Closes resolver |
|
83 */ |
|
84 void Close(); |
|
85 |
|
86 /* |
|
87 * Pops a challenge. |
|
88 * @return Challenge or NULL if no more challenges exist. |
|
89 * Ownership is transferred. |
|
90 */ |
|
91 CSIPSecChallenge* Pop(); |
|
92 |
|
93 /* |
|
94 * If aResponse has a Security-Server header with mechanism Digest, the |
|
95 * values of algorithm and qop parameters from that header are copied into |
|
96 * aAlgorithm and aQop. |
|
97 * @param aResponse IN: SIP response |
|
98 * @param aAlgorithm OUT: algoritm value |
|
99 * @param aQop OUT: qop value |
|
100 * @return ETrue if aResponse has a Security-Server header with digest |
|
101 * mechanism. EFalse otherwise. |
|
102 */ |
|
103 static TBool GetDigestParamsFromSecurityServer( CSIPResponse& aResponse, |
|
104 RStringF& aAlgorithm, |
|
105 RStringF& aQop ); |
|
106 |
|
107 /* |
|
108 * Check if the header has a Digest challenge with realm and nonce. |
|
109 * @param aHeader Authenticate- or Authorization-header |
|
110 * @return ETrue Header has a valid challenge, EFalse otherwise |
|
111 */ |
|
112 static TBool IsValidDigestChallenge( const CSIPAuthHeaderBase& aHeader ); |
|
113 |
|
114 /* |
|
115 * Selects the algorithm to use for the challenge in aHeader. |
|
116 * @param aHeader Header containing the challenge |
|
117 * @param aDefaultAlgorithm The used default algorith |
|
118 * @param aAlgorithm IN: algorithm in SIP response's Security-Server header |
|
119 * OUT: selected algorithm |
|
120 */ |
|
121 static void SelectAlgorithm( const CSIPAuthHeaderBase& aHeader, |
|
122 RStringF aDefaultAlgorithm, |
|
123 RStringF& aAlgorithm ); |
|
124 |
|
125 private: // New functions, for internal use |
|
126 |
|
127 /* |
|
128 * Finds and creates challenge based on SIP header |
|
129 * @param aAuthHeaders Authenticate headers |
|
130 * @param aType The challenge type |
|
131 * @param aCount Cumulative count of found challenges |
|
132 * @param aAlgorithm Algorithm value from Security-Server header, or empty |
|
133 * string if algorithm was not present in Security-Server |
|
134 * @param aQop qop value from Security-Server header, or empty string if |
|
135 * qop was not present in Security-Server |
|
136 * @param aDigestInAuthHeaders on return contains ETrue if some of the |
|
137 * auth headers contained digest |
|
138 */ |
|
139 void FindAndCreateChallengesL( TSglQueIter< CSIPHeaderBase >& aAuthHeaders, |
|
140 CSIPSecDigest::TChallengeType aType, |
|
141 TInt& aCount, |
|
142 RStringF aAlgorithm, |
|
143 RStringF aQop, |
|
144 TBool& aDigestInAuthHeaders ); |
|
145 |
|
146 /* |
|
147 * Creates a challenge based on the SIP header. |
|
148 * @param aHeader authenticate header |
|
149 * @param aType The challenge type |
|
150 * @param aCount Cumulative count of found challenges |
|
151 * @param aAlgorithm Algorithm value from Security-Server header, or empty |
|
152 * string if algorithm was not present in Security-Server |
|
153 * @param aQop qop value from Security-Server header, or empty string if |
|
154 * qop was not present in Security-Server |
|
155 */ |
|
156 void CreateChallengeL( CSIPAuthenticateHeaderBase& aHeader, |
|
157 CSIPSecDigest::TChallengeType aType, |
|
158 TInt& aCount, |
|
159 RStringF aAlgorithm, |
|
160 RStringF aQop ); |
|
161 |
|
162 /* |
|
163 * Prepares cache |
|
164 * @param aUser SIPSec user |
|
165 */ |
|
166 void PrepareCache( const MSIPSecUser& aUser ); |
|
167 |
|
168 /* |
|
169 * Selects the qop to use with the challenge in aHeader. |
|
170 * @param aHeader Authenticate header containing the challenge |
|
171 * @param aQopInSecurityServer qop value from Security-Server header |
|
172 * @return The selected qop to use |
|
173 */ |
|
174 CSIPSecRequestData::TQop SelectQopL( CSIPAuthenticateHeaderBase& aHeader, |
|
175 RStringF aQopInSecurityServer ) const; |
|
176 |
|
177 |
|
178 /* |
|
179 * Check if the header has a Digest challenge |
|
180 * @param aHeader Authenticate- or Authorization-header |
|
181 * @return ETrue Header has a challenge, EFalse otherwise |
|
182 */ |
|
183 static TBool IsDigestChallenge( const CSIPAuthHeaderBase& aHeader ); |
|
184 |
|
185 /* |
|
186 * Check if the header has realm and nonce. |
|
187 * @param aHeader Authenticate- or Authorization-header |
|
188 * @return ETrue Header has realm and nonce, EFalse otherwise |
|
189 */ |
|
190 static TBool IsValidChallenge( const CSIPAuthHeaderBase& aHeader ); |
|
191 |
|
192 /* |
|
193 * Check if either credentials or challenge has MD5 algorithm and the other |
|
194 * has AKAv1-MD5. |
|
195 * @param aCredentials IN: credentials in the cache |
|
196 * @param aChallenge IN: received challenge |
|
197 * @return ETrue If either credentials or challenge has MD5 algorithm and |
|
198 * the other has AKAv1-MD5. |
|
199 */ |
|
200 TBool MixedAlgorithms( CSIPSecCredentials& aCredentials, |
|
201 CSIPSecChallenge& aChallenge ) const; |
|
202 |
|
203 /* |
|
204 * If there is an AKA challenge, remove such AKA entries from the cache, that |
|
205 * have different realm than in the challenge. |
|
206 */ |
|
207 void RemoveObsoleteAKAEntries() const; |
|
208 |
|
209 private: // Data |
|
210 |
|
211 // Not owned |
|
212 TSIPSecPluginCtxResponse* iContext; |
|
213 |
|
214 CSIPSecDigest& iMechanism; |
|
215 |
|
216 #ifdef CPPUNIT_TEST |
|
217 friend class CSIPSecResolverTest; |
|
218 #endif |
|
219 }; |
|
220 |
|
221 #endif //end of __RSIPSEC_CHALLENGERESOLVER_H__ |
|
222 |
|
223 // End of File |