|
1 /* |
|
2 * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: PKI store and Certificate verification interface for IKEv1 |
|
15 * plug-in |
|
16 * |
|
17 */ |
|
18 |
|
19 #ifndef C_IKEV1PKISERVICE_H |
|
20 #define C_IKEV1PKISERVICE_H |
|
21 |
|
22 #include <e32base.h> |
|
23 #include <asn1dec.h> |
|
24 |
|
25 #include "pkiserviceapi.h" |
|
26 #include "ikepolparser.h" |
|
27 |
|
28 class CX509Certificate; |
|
29 class TASN1DecGeneric; |
|
30 |
|
31 class CIkeData; |
|
32 class CIkeCaList; |
|
33 class TCertPayloadIkev2; |
|
34 class TCReqPayloadIkev2; |
|
35 class TCertificateISAKMP; |
|
36 class MIkePlugInServices; |
|
37 class MIkeDebug; |
|
38 class CIkeCaElem; |
|
39 // |
|
40 // CIkeV1PkiService Class |
|
41 // |
|
42 class CIkeV1PkiService : public CBase |
|
43 { |
|
44 public: |
|
45 IMPORT_C static CIkeV1PkiService* NewL( CIkeData* aIkeData, |
|
46 MIkeDebug& aDebug ); |
|
47 IMPORT_C ~CIkeV1PkiService(); |
|
48 |
|
49 |
|
50 IMPORT_C TBool ImportCACertsL(CArrayFixFlat<TCertInfo*> *aCAList); |
|
51 IMPORT_C TInt ReadUserCertWithNameL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, TBool aDnType); |
|
52 IMPORT_C TInt Ikev1SignatureL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, const TDesC8& aHashIn, TDes8& aSignature); |
|
53 IMPORT_C CIkeCaList* CaList(); |
|
54 IMPORT_C HBufC8* GetCertificate(); |
|
55 IMPORT_C HBufC8* GetTrustedCA(); |
|
56 IMPORT_C HBufC8* GetTrustedICA1(); |
|
57 IMPORT_C HBufC8* GetTrustedICA2(); |
|
58 IMPORT_C TInt ReadChainL(CIkeData* aIkeData, const HBufC8* aCAName); |
|
59 |
|
60 private: |
|
61 CIkeV1PkiService( CIkeData* aIkeData, |
|
62 MIkeDebug& aDebug ); |
|
63 void ConstructL(); |
|
64 |
|
65 TInt ComputeSignatureL(const TDesC8& aTrustedAuthority, const TDesC8& aHashIn, TDes8& aSignature, TBool aRsaSignature); |
|
66 TInt ReadCertificateL(const TDesC8& aTrustedAuthority, TBool aGetCACert); |
|
67 |
|
68 /** |
|
69 * Initialized user certificate identification member variables. |
|
70 * The information is taken from the policy file. |
|
71 * Only the ID data, which is available is set, other |
|
72 * data is zeroed. |
|
73 * |
|
74 * @result the size of the key, if available in the policy, zero otherwise. |
|
75 */ |
|
76 TUint InitUserCertIdentDataL(); |
|
77 TBool GetNextCaElemL(); |
|
78 TBool AddNextCaElemL(TInt& aStatus); |
|
79 TInt GetNextCertificateL(); |
|
80 TBool CertificateReadL(TInt& aStatus); |
|
81 |
|
82 TInt ReadCertificateL(const TPKIKeyIdentifier& aKeyIdentifier); |
|
83 TInt ReadCertificateListL(); |
|
84 TInt GetCertificateWithKeyIdL(const TDesC16& aKeyIdString); |
|
85 TBool GetApplUidListL(const TDesC16& aApplUidString); |
|
86 TBool ApplUidCertListCompletedL(TInt aStatus); |
|
87 TBool ReadNextInListL(); |
|
88 |
|
89 |
|
90 #ifdef _DEBUG |
|
91 void CertReadCompleted(TBool aCaCert, TInt aStatus, TInt aLine ); |
|
92 void HexToString(const TDesC8& aKeyId, TDes16& aKeyIdString); |
|
93 #endif |
|
94 |
|
95 |
|
96 private: |
|
97 TInt iOperation; // Current operation ongoing |
|
98 RPKIServiceAPI iPkiService; // PKI Service handle |
|
99 CIkeCaList* iTrustedCAList; // Trusted CA certificate list |
|
100 |
|
101 TInt iCurrIndex; // Current index in name list |
|
102 CArrayFixFlat<TCertInfo*>* iCaNameList; // CA name list delivered |
|
103 HBufC8* iCaName; // Ca name work buffer |
|
104 HBufC8* iCa2Name; // Level 1 Intermediate Certificate |
|
105 HBufC8* iCa1Name; // Level 2 Intermediate Certificate |
|
106 |
|
107 CIkeData* iIkeData; // Current policy data object |
|
108 |
|
109 RPointerArray<CIkeCaElem> iCasTrustedByPeer; // CA name list delivered |
|
110 |
|
111 HBufC8* iReadCertificate; // Certificate stream |
|
112 HBufC8* iReadCertificateOrig; // Certificate stream of original own certificate |
|
113 HBufC8* iSubjName; // Subject alt name buffer |
|
114 HBufC8* iRfc822Name; // RFC822 name buffer |
|
115 |
|
116 TPtr8 iCertPtr; // For Pkiserviceapi calls |
|
117 TAny* iResArray; // For Pkiserviceapi calls |
|
118 TBool iReallocated; // Certificate buffer enlarged |
|
119 TInt iCertBfrSize; // Certificate buffer size |
|
120 |
|
121 TPKIKeyIdentifier iCertKeyId; // Certficate keyid |
|
122 RArray<TUid>* iApplUidList; // Application UID list |
|
123 CArrayFix<TCertificateListEntry>* iCaCertList; // Applicable CA cert list |
|
124 TInt iListIndex; // Current index in CA cert list |
|
125 TBool iUserCertDerType; //0=ASCII, 1=DER |
|
126 MIkeDebug& iDebug; |
|
127 |
|
128 }; |
|
129 |
|
130 |
|
131 // |
|
132 // CIkePkiService operation codes (iOperation) |
|
133 // |
|
134 const TInt KNoOperation = 0; |
|
135 const TInt KBuildingCaList = 1; |
|
136 const TInt KReadingCertificate = 2; |
|
137 const TInt KProcessingApplUidList = 3; |
|
138 const TInt KBuildingApplUidList = 4; |
|
139 const TInt KSigning = 5; |
|
140 const TInt KDecrypting = 6; |
|
141 |
|
142 |
|
143 // |
|
144 // Certificate field indicators for GetCertificateFieldDERL() |
|
145 // |
|
146 |
|
147 #define IKEV2_CERT_KEYID_SIZE 20 |
|
148 // |
|
149 //Extra Errors for IkeCert::VerifyCertificateL() |
|
150 // |
|
151 const TInt KCertVerifyErrBadType = 1; |
|
152 const TInt KCertVerifyErrNotValidYet = 2; |
|
153 const TInt KCertVerifyErrExpired = 3; |
|
154 const TInt KCertVerifyWithinMargin = 4; |
|
155 const TInt KCertVerifyCriticalExt = 5; |
|
156 const TInt KCertVerifyKeyUsageErr = 6; |
|
157 const TInt KCertVerifyCACertificate = 7; |
|
158 |
|
159 const TInt KDefaultErrorMargin = 3600; // Default error marginal in Validity |
|
160 |
|
161 const TInt KSha1hashLth = 20; |
|
162 const TInt KCertKeyIdLth = 20; // Certificate Key Identifier length = Length of SHA1 hash |
|
163 |
|
164 |
|
165 #endif // C_IKEV1PKISERVICE_H |