|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: PKCS#12 data handler |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 #ifndef __PKCS12VPN_H__ |
|
21 #define __PKCS12VPN_H__ |
|
22 |
|
23 #include <f32file.h> |
|
24 |
|
25 #include "pkiserviceapi.h" |
|
26 |
|
27 #include "pkidefs.h" |
|
28 #include "vpnnotifierdefs.h" |
|
29 |
|
30 |
|
31 // Used locally within PKCS#12 handler |
|
32 #define DEFAULT_KEY_LEN 1024 |
|
33 |
|
34 // Filename stems used for security object dumping |
|
35 // (%d will range from 1 to n) |
|
36 _LIT(KCAFileNameStem, "ca-%d.cer"); |
|
37 _LIT(KUserCertFileNameStem, "user-%d.cer"); |
|
38 _LIT(KPrivateKeyFileNameStem, "user-%d.key"); |
|
39 |
|
40 // Forward declarations |
|
41 class CPKCS12; |
|
42 class MPKCS12; |
|
43 class CX509Certificate; |
|
44 |
|
45 /** |
|
46 * Class CPKCS12Handler provides basic PKCS12 handling functionality. |
|
47 * This includes operations for password prompting, integrity verification |
|
48 * and data decrypting. CPKCS12Handler also manages PKI operations related |
|
49 * to PKCS#12 package contents (storing key data, certificate attachment). |
|
50 * |
|
51 */ |
|
52 class CPKCS12Handler : public CBase |
|
53 { |
|
54 |
|
55 ///////////////////////////// |
|
56 // Construction / Destruction |
|
57 ///////////////////////////// |
|
58 public: |
|
59 |
|
60 /** |
|
61 * CPKCS12Handler must always be instantiated with a reference to |
|
62 * a (connected) PKI Service API resource handle. |
|
63 * @param aPkiServiceApi Reference to an instantiated RPKIServiceAPI |
|
64 * object. |
|
65 */ |
|
66 IMPORT_C static CPKCS12Handler* NewL(RPKIServiceAPI& aPkiServiceApi); |
|
67 IMPORT_C static CPKCS12Handler* NewLC(RPKIServiceAPI& aPkiServiceApi); |
|
68 IMPORT_C static CPKCS12Handler* NewL(); |
|
69 IMPORT_C static CPKCS12Handler* NewLC(); |
|
70 |
|
71 EXPORT_C ~CPKCS12Handler(); |
|
72 |
|
73 protected: |
|
74 |
|
75 void ConstructL(); |
|
76 |
|
77 private: |
|
78 |
|
79 CPKCS12Handler(RPKIServiceAPI& aPkiServiceApi); |
|
80 |
|
81 |
|
82 |
|
83 ///////////////////////////// |
|
84 // Public functions |
|
85 ///////////////////////////// |
|
86 public: |
|
87 |
|
88 /** |
|
89 * High-level function for storing all certificates/private keys |
|
90 * contained in a single PKCS#12 bundle. Also sets the applicability |
|
91 * and deletable properties, which must be set prior to storing |
|
92 * if non-default values are required. |
|
93 * |
|
94 * Stores the data directly to PKI. |
|
95 * |
|
96 * @param aData PKCS#12 in raw binary data format |
|
97 * @param aPwd The password for decoding the PKCS#12 package. |
|
98 * |
|
99 * @return Leaves with KErrNotSupported if aData is not a valid PKCS#12 |
|
100 * buffer; KErrPermissionDenied if the password is wrong. |
|
101 * Symbian standard leaves can occur as well (KErrNoMemory) |
|
102 */ |
|
103 IMPORT_C void StorePKCS12ObjectL(const TDesC8& aData, |
|
104 const TDesC16& aPwd); |
|
105 |
|
106 /** |
|
107 * Gets a locally applicable reference to applicability data that will |
|
108 * be applied to all applicable certificates deciphered from the |
|
109 * PKCS#12 package by the application. |
|
110 * "Lazy" functionality: applicability parameter is only applied to |
|
111 * a certificate when the actual certificate is stored (attached). |
|
112 * In other words, SetApplicability must be called before StorePKCS12ObjectL(). |
|
113 * Has no effect for PKCS#12 file dump (SaveSecurityObjectsToDiskL()). |
|
114 * |
|
115 * @param aUids Array of TUid objects, indicating the applicability |
|
116 * scope of the certificate(s). Ownership doesn't transfer. |
|
117 * |
|
118 */ |
|
119 IMPORT_C void SetApplicability(const RArray<TUid>& aUids); |
|
120 |
|
121 /** |
|
122 * Sets the deletable attribute that will be applied to all |
|
123 * certificates within the package. |
|
124 * "Lazy" functionality: deletable parameter is only applied to |
|
125 * a certificate when the actual certificate is stored (attached). |
|
126 * In other words, SetDeletable must be called before StorePKCS12ObjectL(). |
|
127 * Has no effect for PKCS#12 file dump (SaveSecurityObjectsToDiskL()). |
|
128 * |
|
129 * @param aDeletable ETrue, if the certificate(s) can be deleted |
|
130 * from the certificate store. |
|
131 * |
|
132 */ |
|
133 IMPORT_C void SetDeletable(TBool aDeletable); |
|
134 |
|
135 /** |
|
136 * Saves the keys/certs to disk. It's important that the files be |
|
137 * deleted afterwards by the caller. |
|
138 * |
|
139 * @param aData PKCS#12 data in raw binary |
|
140 * @param aPwd PKCS#12 password or KNullDesC |
|
141 * @param aDir The target directory for extraction operation |
|
142 * |
|
143 * @leave May leave if write ops fail |
|
144 * |
|
145 */ |
|
146 IMPORT_C void SaveSecurityObjectsToDiskL(const TDesC8& aData, |
|
147 const TDesC& aPwd, |
|
148 const TDesC& aDir); |
|
149 |
|
150 |
|
151 |
|
152 ///////////////////////////// |
|
153 // Private functions |
|
154 ///////////////////////////// |
|
155 private: |
|
156 |
|
157 /** |
|
158 * Default constructor not available for public |
|
159 */ |
|
160 CPKCS12Handler(); |
|
161 |
|
162 /** |
|
163 * Make sure the given data is in PKCS#12 format. |
|
164 * |
|
165 * @param aData Binary data buffer containing the PKCS#12 data |
|
166 * |
|
167 * @return Returns ETrue if the data represents a valid PKCS#12 object, |
|
168 * EFalse otherwise |
|
169 */ |
|
170 TBool VerifyType(const TDesC8& aData) const; |
|
171 |
|
172 /** |
|
173 * Stores all the private keys from PKCS#12 object to PKI |
|
174 * |
|
175 */ |
|
176 void StoreKeyPairsL(); |
|
177 |
|
178 /** |
|
179 * Store a single private key to PKI |
|
180 * |
|
181 * @param aKey The private key in binary format. |
|
182 */ |
|
183 void StoreSingleKeyL(const TDesC8& aKey); |
|
184 |
|
185 /** |
|
186 * Attach all the user certificates contained in the PKCS#12 |
|
187 * package |
|
188 * |
|
189 */ |
|
190 void AttachCertificatesL(); |
|
191 |
|
192 /** |
|
193 * Store all the CA certificates contained in the PKCS#12 |
|
194 * package |
|
195 * |
|
196 */ |
|
197 void StoreCertificatesL(); |
|
198 |
|
199 /** |
|
200 * Store a single CA certificate |
|
201 * |
|
202 */ |
|
203 void StoreCertificateL(CX509Certificate* aCert); |
|
204 |
|
205 /** |
|
206 * Attach given certificate to a private key, based on key id |
|
207 * |
|
208 * @param aCert The certificate to be attached |
|
209 * @param aKeyId The ID of the associated private key |
|
210 * |
|
211 */ |
|
212 void AttachCertificateL(CX509Certificate* aCert, |
|
213 const TPKIKeyIdentifier& aKeyId); |
|
214 |
|
215 /** |
|
216 * Convenience function for getting local references to the certs/keys |
|
217 * contained in the PKCS#12 |
|
218 * |
|
219 */ |
|
220 void ExtractKeysAndCerts(); |
|
221 |
|
222 |
|
223 /** |
|
224 * Prompt for PKCS#12 package password. |
|
225 * @return The password. Memory control is transferred to the caller. |
|
226 */ |
|
227 HBufC* QueryPasswordL(); |
|
228 |
|
229 /** |
|
230 * Performs PKI applicability set operation for the given |
|
231 * certificate. Locally stored applicability values will be used. |
|
232 * If no applicability values have been given, defaults to none. |
|
233 * |
|
234 * @param aCert The certificate for which the |
|
235 * |
|
236 */ |
|
237 void SetApplicabilityL(CX509Certificate* aCert); |
|
238 |
|
239 /** |
|
240 * Performs PKI deletable set operation for the given |
|
241 * certificate. Locally stored deletable value will be used. |
|
242 * If the value hasn't been set, defaults to ETrue (deletable). |
|
243 * |
|
244 * @param aCert The certificate for which the |
|
245 * |
|
246 */ |
|
247 void SetDeletable(CX509Certificate* aCert); |
|
248 |
|
249 /** |
|
250 * Pops the "wrong password" note on screen. |
|
251 */ |
|
252 void DisplayWrongPasswordNote(); |
|
253 |
|
254 /** |
|
255 * Extracts the security objects from PKCS#12 bundle to |
|
256 * memory. |
|
257 * |
|
258 * @param aData the PKCS#12 raw data |
|
259 * @param aPwd the PKCS#12 password or KNullDesC |
|
260 * |
|
261 * @leave May leave due to cancel (KErrCancel), |
|
262 * due to corrupted PKCS#12 data (KErrNotSupported), |
|
263 * due to OOM, ... |
|
264 * |
|
265 */ |
|
266 void ExtractSecurityObjectsL(const TDesC8& aData, |
|
267 const TDesC16& aPwd); |
|
268 |
|
269 /** |
|
270 * Dumps all CA and user certificates from memory to local file system |
|
271 * |
|
272 * @leave May leave if write ops fail, or for the usual reasons (OOM etc) |
|
273 */ |
|
274 void SaveCertificatesToDiskL(); |
|
275 |
|
276 /** |
|
277 * Dumps all private keys to local file system. |
|
278 * |
|
279 * @leave May leave if write ops fail |
|
280 * |
|
281 */ |
|
282 void SaveKeysToDiskL(); |
|
283 |
|
284 /** |
|
285 * Writes the given binary data to a file |
|
286 * |
|
287 * @leave May leave if write fails |
|
288 * |
|
289 */ |
|
290 void WriteToFileL(const TDesC8& aData, const TDesC& aFileName); |
|
291 |
|
292 ///////////////////////////// |
|
293 // Private data |
|
294 ///////////////////////////// |
|
295 private: |
|
296 |
|
297 RPKIServiceAPI* iPkiService; // ref |
|
298 MPKCS12* iPkcsHandler; |
|
299 |
|
300 const CArrayPtr<CX509Certificate>* iCACerts; // ref |
|
301 const CArrayPtr<CX509Certificate>* iUserCerts; // ref |
|
302 const CArrayPtr<HBufC8>* iPrivKeys; // ref |
|
303 |
|
304 HBufC* iPassword; |
|
305 |
|
306 TBool iDeletable; |
|
307 const RArray<TUid>* iApplications; // ref |
|
308 |
|
309 RNotifier iNotifier; |
|
310 |
|
311 TPckgBuf<TVpnDialogInfo> iDialogInfoDes; |
|
312 TPckgBuf<TVpnDialogOutput> iDialogResponseDes; |
|
313 |
|
314 HBufC* iOutputDir; |
|
315 |
|
316 RFs iFs; |
|
317 RFile iFileOut; |
|
318 }; |
|
319 |
|
320 #endif |
|
321 |