|
1 /* |
|
2 * Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IKEv2 specifig certificate reading related stuff |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #ifndef C_IKEV2PKISERVICE_H |
|
20 #define C_IKEV2PKISERVICE_H |
|
21 |
|
22 #include <e32base.h> |
|
23 |
|
24 #include "pkiserviceapi.h" |
|
25 |
|
26 class CIkeCaElem; |
|
27 class TCertInfo; |
|
28 class TCReqPayloadIkev2; |
|
29 class CIkeData; |
|
30 class CIkeCaList; |
|
31 class MIkeV2PkiServiceObserver; |
|
32 class TOwnCertInfo; |
|
33 class MIkeDebug; |
|
34 |
|
35 |
|
36 class CIkeV2PkiService : public CActive |
|
37 { |
|
38 public: |
|
39 enum TIkeV2PkiServiceState |
|
40 { |
|
41 EPkiServiceIdle = 0, |
|
42 EBuildingCaList, |
|
43 EReadingCertificate, |
|
44 EReadingCertificateChain |
|
45 }; |
|
46 |
|
47 |
|
48 |
|
49 IMPORT_C static CIkeV2PkiService* NewL(MIkeV2PkiServiceObserver& aObserver, MIkeDebug& aDebug); |
|
50 IMPORT_C ~CIkeV2PkiService(); |
|
51 |
|
52 |
|
53 /** |
|
54 * Reads all the CA certs defined in the list to the memory. |
|
55 * |
|
56 * This method is completed by calling: |
|
57 * MIkeV2PkiServiceObserver::IkeV2PkiInitComleteL |
|
58 * |
|
59 * @param aCAList List of CA's, which are retrieved. |
|
60 */ |
|
61 IMPORT_C void InitIkeV2PkiService(const CIkeData* aIkeData); |
|
62 |
|
63 /* |
|
64 * Computes IKEv2 signature with a specified private key. |
|
65 * Actually a signature computed happens by referring the related certificate |
|
66 * when the PKI store produces the signature with corresponding private key. |
|
67 * |
|
68 * @param aTrustedAuthority Trusted CA name coded either in ASN1 (DN) format or ASCII format |
|
69 * @param aOwnCertInfo Own cert info from the IKE policy |
|
70 * @param aMsgOctets Message data signed. A SHA1 hash is calculated over these message |
|
71 * octets and result is encoded as PKCS1v15 signature before |
|
72 * encrypted with private key |
|
73 * @result signature length. |
|
74 */ |
|
75 IMPORT_C TInt Ikev2SignatureL(const TDesC8& aTrustedAuthority, |
|
76 const TOwnCertInfo& aOwnCertInfo, |
|
77 const TDesC8& aMsgOctets, |
|
78 TDes8& aSignature, TUint8 aAuthMeth); |
|
79 |
|
80 |
|
81 /** |
|
82 * Returns a list of trusted CA certificates. |
|
83 * If the InitIkeV2PkiService method is not called |
|
84 * successfully before this method is called an |
|
85 * empty list is returned. |
|
86 * |
|
87 * @result a list of trusted CA certificates. |
|
88 */ |
|
89 IMPORT_C const CIkeCaList& CaList() const; |
|
90 |
|
91 |
|
92 /** |
|
93 * |
|
94 */ |
|
95 IMPORT_C const TDesC8& UserCertificateData() const; |
|
96 |
|
97 IMPORT_C const TDesC8& I2CertificateData() const; |
|
98 IMPORT_C const TDesC8& I1CertificateData() const; |
|
99 /** |
|
100 * Returns the name of the trsuted authority of |
|
101 * user certificate. |
|
102 * |
|
103 * If no user certificates are loaded an empty string is returned. |
|
104 * |
|
105 * @result the name of the trusted authority of the user certificate. |
|
106 */ |
|
107 IMPORT_C const TDesC8& TrustedCaName() const; |
|
108 |
|
109 protected: |
|
110 void DoCancel(); |
|
111 void RunL(); |
|
112 TInt RunError(TInt aError); |
|
113 |
|
114 private: |
|
115 CIkeV2PkiService(MIkeV2PkiServiceObserver& aObserver, MIkeDebug& aDebug); |
|
116 void ConstructL(); |
|
117 |
|
118 void ReadTrustedUserCertificateL(); |
|
119 void ReadUserCertificateL(const TDesC8& aTrustedAuthority, TBool aGetCACert); |
|
120 void ReadCertificateChainL(); |
|
121 |
|
122 |
|
123 void InitIkeV2PkiServiceL(); |
|
124 void ImportNextCaElemFromIkeDataListL(); |
|
125 void BuildingCaListRunL(); |
|
126 void ReadUserCertificateRunL(); |
|
127 void ReadCertificateChainRunL(); |
|
128 |
|
129 static void CIkeV2PkiServiceApplUidArrayCleanup(TAny* any); |
|
130 |
|
131 |
|
132 void SignalObserverL(TInt aStatus); |
|
133 private: |
|
134 MIkeV2PkiServiceObserver& iObserver; |
|
135 MIkeDebug& iDebug; |
|
136 |
|
137 RPKIServiceAPI iPkiService; // PKI Service handle |
|
138 TIkeV2PkiServiceState iState; // Current state |
|
139 |
|
140 HBufC8* iCaName; // Ca name work buffer |
|
141 const CIkeData* iIkeData; // Current policy data object |
|
142 |
|
143 |
|
144 HBufC8* iReadCertificate; // Certificate stream |
|
145 TPtr8 iCertPtr; // For Pkiserviceapi calls |
|
146 |
|
147 HBufC8* iSubjName; // Subject alt name buffer |
|
148 HBufC8* iRfc822Name; // RFC822 name buffer |
|
149 TPKIKeyIdentifier iCertKeyId; // Certficate keyid |
|
150 |
|
151 TAny* iResArray; // For Pkiserviceapi calls |
|
152 |
|
153 RPointerArray<CIkeCaElem> iCasTrustedByPeer; // CA name list delivered |
|
154 CArrayFixFlat<TCertInfo>* iIkeDataCAList; |
|
155 CIkeCaList* iTrustedCAList; // Trusted CA certificate list |
|
156 HBufC8* iUserCertificate; |
|
157 HBufC8* i2Certificate; // Intermediate certificate Level 2 |
|
158 HBufC8* i2CertificateName; |
|
159 HBufC8* i1Certificate; // Intermediate certificate Level 1 |
|
160 }; |
|
161 |
|
162 |
|
163 /** |
|
164 * IKE PKI service request complete |
|
165 * @internalComponent |
|
166 */ |
|
167 class MIkeV2PkiServiceObserver |
|
168 { |
|
169 public: |
|
170 /** |
|
171 * IKE PKI service operation completed |
|
172 * @internalComponent |
|
173 * @param aStatus completion status of operation |
|
174 * @param aObject pointer to CIkePkiService object |
|
175 * |
|
176 */ |
|
177 virtual void IkeV2PkiInitCompleteL(TInt aStatus)=0; |
|
178 }; |
|
179 |
|
180 |
|
181 #endif //C_IKEV2PKISERVICE_H |