|
1 /* |
|
2 * Copyright (c) 2010 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: VPN Agile provision Crypto library |
|
15 * |
|
16 */ |
|
17 |
|
18 #include <x509cert.h> |
|
19 |
|
20 #include <x500dn.h> |
|
21 #include <random.h> |
|
22 #include <signed.h> |
|
23 |
|
24 #include "agilecrypto.h" |
|
25 #include "utlcrypto.h" |
|
26 #include "base64.h" |
|
27 #include "pkcs10.h" |
|
28 #include "vpnclientuids.h" |
|
29 |
|
30 |
|
31 |
|
32 |
|
33 EXPORT_C CAgileCryptoCert::~CAgileCryptoCert() |
|
34 /** |
|
35 * Destructor. |
|
36 */ |
|
37 { |
|
38 |
|
39 delete iCertDER; |
|
40 |
|
41 } |
|
42 |
|
43 CAgileCryptoCert::CAgileCryptoCert() |
|
44 { |
|
45 } |
|
46 |
|
47 |
|
48 |
|
49 EXPORT_C CAgileCryptoCert* CAgileCryptoCert::NewL(const TDesC8& aCert, TBool aBase64Encoded) |
|
50 /** |
|
51 * Makes crypto certififate object. |
|
52 * @param aCert Certificate data. |
|
53 * @param aCert aBase64Encoded If ETrue, certificate data is base64 encoded. |
|
54 * @return CAgileCryptoCert* Pointer to crypto certififate object. |
|
55 */ |
|
56 { |
|
57 CAgileCryptoCert* self = new (ELeave) CAgileCryptoCert(); |
|
58 CleanupStack::PushL(self); |
|
59 self->ConstructL(aCert, aBase64Encoded); |
|
60 CleanupStack::Pop(); // self |
|
61 return self; |
|
62 } |
|
63 |
|
64 |
|
65 void CAgileCryptoCert::ConstructL(const TDesC8& aCert, TBool aBase64Encoded) |
|
66 { |
|
67 |
|
68 HBufC8* certDerCodedHBuf; |
|
69 TPtrC8 certDerCoded; |
|
70 |
|
71 if (aBase64Encoded) |
|
72 { |
|
73 TBase64Codec base64Codec; |
|
74 if ((certDerCodedHBuf = base64Codec.Base64DecodeLC(aCert)) == NULL) |
|
75 { |
|
76 User::Leave(KErrNoMemory); |
|
77 } |
|
78 } |
|
79 else |
|
80 { |
|
81 certDerCodedHBuf = aCert.AllocLC(); |
|
82 } |
|
83 certDerCoded.Set(certDerCodedHBuf->Des()); |
|
84 |
|
85 iCertDER = certDerCodedHBuf; |
|
86 |
|
87 CleanupStack::Pop(1); //certDerCodedHBuf |
|
88 } |
|
89 |
|
90 EXPORT_C void CAgileCryptoCert::SaveCACertL(void) |
|
91 /** |
|
92 * Saves server certififate to certificate store. |
|
93 * @return TRetBufCertRef The identifier of the certificate. |
|
94 */ |
|
95 { |
|
96 RPKIServiceAPI pkiServiceApi; |
|
97 CleanupClosePushL(pkiServiceApi); |
|
98 User::LeaveIfError(pkiServiceApi.Connect()); |
|
99 |
|
100 TPtr8 certDERDesc(iCertDER->Des()); |
|
101 TRequestStatus requestStatus; |
|
102 TAny* resArray; |
|
103 TUint keySize = 0; |
|
104 pkiServiceApi.StoreCertificateL(EPKICACertificate, |
|
105 keySize, |
|
106 EPKIRSA, |
|
107 certDERDesc, |
|
108 &resArray, |
|
109 requestStatus); |
|
110 User::WaitForRequest(requestStatus); |
|
111 pkiServiceApi.Finalize(resArray); |
|
112 TInt status = requestStatus.Int(); |
|
113 if (status != KErrNone) |
|
114 { |
|
115 User::Leave(status); |
|
116 } |
|
117 |
|
118 |
|
119 // Set VPN trusted |
|
120 CX509Certificate* tempCert = CX509Certificate::NewLC(certDERDesc); |
|
121 RArray<TUid> appArray; |
|
122 CleanupClosePushL(appArray); |
|
123 appArray.AppendL(TUid::Uid(KUidVpnManager)); |
|
124 |
|
125 const TPtrC8* serialNumber = tempCert->DataElementEncoding( |
|
126 CX509Certificate::ESerialNumber); |
|
127 const TPtrC8* issuername = tempCert->DataElementEncoding( |
|
128 CX509Certificate::EIssuerName); |
|
129 |
|
130 pkiServiceApi.SetApplicabilityL( |
|
131 *issuername, |
|
132 *serialNumber, |
|
133 appArray); |
|
134 |
|
135 CleanupStack::PopAndDestroy(3); // appArray, tempCert, pkiServiceApi |
|
136 |
|
137 } |
|
138 |
|
139 EXPORT_C void CAgileCryptoCert::SaveClientCertL(const TPrivKeyRef& aKeyId, TUint aKeySize) |
|
140 /** |
|
141 * Saves client certififate to certificate store. |
|
142 * @param aKeyId Private key identifier. |
|
143 * @param aKeySize Private key size. |
|
144 * @return TRetBufCertRef The identifier of the certificate |
|
145 */ |
|
146 { |
|
147 RPKIServiceAPI pkiServiceApi; |
|
148 CleanupClosePushL(pkiServiceApi); |
|
149 User::LeaveIfError(pkiServiceApi.Connect()); |
|
150 |
|
151 TPtr8 certDERDesc(iCertDER->Des()); |
|
152 TRequestStatus requestStatus; |
|
153 TAny* resArray; |
|
154 pkiServiceApi.AttachCertificateL(aKeyId, |
|
155 aKeySize, |
|
156 EPKIRSA, |
|
157 certDERDesc, |
|
158 &resArray, |
|
159 requestStatus); |
|
160 User::WaitForRequest(requestStatus); |
|
161 pkiServiceApi.Finalize(resArray); |
|
162 TInt status = requestStatus.Int(); |
|
163 if (status != KErrNone) |
|
164 User::LeaveIfError(status); |
|
165 |
|
166 CleanupStack::PopAndDestroy(); //pkiServiceApi |
|
167 |
|
168 |
|
169 } |
|
170 |
|
171 EXPORT_C CAgileCryptoPrivKey* CAgileCryptoPrivKey::NewL(void) |
|
172 /** |
|
173 * Makes crypto private key object. |
|
174 * @return CAgileCryptoPrivKey* Pointer to crypto private key object. |
|
175 */ |
|
176 { |
|
177 CAgileCryptoPrivKey* self = new (ELeave) CAgileCryptoPrivKey(); |
|
178 CleanupStack::PushL(self); |
|
179 self->ConstructL(); |
|
180 CleanupStack::Pop(); // self |
|
181 return self; |
|
182 } |
|
183 |
|
184 void CAgileCryptoPrivKey::ConstructL(void) |
|
185 { |
|
186 User::LeaveIfError(iPkiServiceApi.Connect()); |
|
187 } |
|
188 |
|
189 |
|
190 CAgileCryptoPrivKey::CAgileCryptoPrivKey() |
|
191 { |
|
192 ; |
|
193 } |
|
194 |
|
195 EXPORT_C CAgileCryptoPrivKey::~CAgileCryptoPrivKey() |
|
196 /** |
|
197 * Destructor. |
|
198 */ |
|
199 { |
|
200 iPkiServiceApi.Close(); |
|
201 } |
|
202 |
|
203 |
|
204 EXPORT_C void CAgileCryptoPrivKey::GenerateCertReqL(const TDesC8& aDistinguishedName, |
|
205 const TDesC8& aSubjectAltNameRfc822, |
|
206 const TDesC8& aChallengePassword, |
|
207 const TDesC8& aDnsName, |
|
208 const TPrivKeyRef& aKeyId, |
|
209 TDes& aCertReqRef, |
|
210 TInt& aCertReqSize) |
|
211 /** |
|
212 * Creates certificate request. |
|
213 * @param aDistinguishedName Subject name of the certificate owner. |
|
214 * @param aSubjectAltNameRfc822 SubjectAlt name of the certificate owner. |
|
215 * @param aChallengePassword ChallengePw of the certificate owner. |
|
216 * @param aDnsName DNS name of the certificate owner. |
|
217 * @param aKeyId KeyId of the key for which the certificate will be generated. |
|
218 * @param aCertReqRef The identifier of created certificate request (output parameter). |
|
219 * @param aCertReqSize The size of created certificate request (output parameter). |
|
220 * @return TErrCode KErrNone, if OK. |
|
221 */ |
|
222 { |
|
223 |
|
224 iPkiServiceApi.CreateAndSaveCertificateRequestL(aKeyId, |
|
225 aDistinguishedName, |
|
226 aSubjectAltNameRfc822, |
|
227 aChallengePassword, |
|
228 aDnsName, |
|
229 aCertReqRef, |
|
230 aCertReqSize); |
|
231 |
|
232 } |
|
233 |
|
234 EXPORT_C TRetBufCertReq CAgileCryptoPrivKey::ReadCertReqL(const TDesC& aCertReqRef, TInt aCertReqSize) |
|
235 /** |
|
236 * Reads certififate certificate. |
|
237 * @param aCertReqRef Certificate request identifier. |
|
238 * @param aCertReqSize The size of the certificate request. |
|
239 * @return TRetBufCertReq Certificate request. |
|
240 */ |
|
241 { |
|
242 HBufC8* certRequest = HBufC8::NewLC(aCertReqSize); |
|
243 TPtr8 certRequestDesc(certRequest->Des()); |
|
244 |
|
245 |
|
246 TInt status = iPkiServiceApi.ReadCertificateRequest(aCertReqRef, |
|
247 certRequestDesc); |
|
248 if (status != KErrNone) |
|
249 { |
|
250 User::Leave(KAgileErrCryptoReadCertRequestFailed); |
|
251 } |
|
252 CleanupStack::Pop(); //certRequest |
|
253 |
|
254 return certRequest; |
|
255 } |
|
256 |
|
257 RPKIServiceAPI CAgileCryptoPrivKey::GetPkiService() |
|
258 { |
|
259 return iPkiServiceApi; |
|
260 } |
|
261 |
|
262 |
|
263 EXPORT_C CAgileCryptoGenerateKeypair* CAgileCryptoGenerateKeypair::NewL(CAgileCryptoPrivKey* aAgileCryptoPrivKey) |
|
264 /** |
|
265 * Makes crypto generate key pair object. |
|
266 * @param aAgileCryptoPrivKey Crypto private key object (contains session to PKI service). |
|
267 * @return CAgileCryptoGenerateKeypair crypto generate key pair object. |
|
268 */ |
|
269 { |
|
270 CAgileCryptoGenerateKeypair* self = new (ELeave) CAgileCryptoGenerateKeypair(aAgileCryptoPrivKey); |
|
271 CleanupStack::PushL(self); |
|
272 self->ConstructL(); |
|
273 CleanupStack::Pop(); // self |
|
274 return self; |
|
275 } |
|
276 |
|
277 void CAgileCryptoGenerateKeypair::ConstructL(void) |
|
278 { |
|
279 ; |
|
280 } |
|
281 |
|
282 |
|
283 CAgileCryptoGenerateKeypair::CAgileCryptoGenerateKeypair(CAgileCryptoPrivKey* aAgileCryptoPrivKey) |
|
284 : iAgileCryptoPrivKey(aAgileCryptoPrivKey) |
|
285 { |
|
286 ; |
|
287 } |
|
288 |
|
289 EXPORT_C TErrCode CAgileCryptoGenerateKeypair::GenerateKeypairL(const TInt& aPublicKeyLen, |
|
290 TPrivKeyRef& aKeyId, |
|
291 TRequestStatus& aStatus) |
|
292 /** |
|
293 * Generates key pair. |
|
294 * @param aPublicKeyLen The length of public key. |
|
295 * @param aKeyId Key pair (private key) identifier (output parameter). |
|
296 * @param aStatus Asynchronous request status. |
|
297 * @return TErrCode KErrNone, if OK. |
|
298 */ |
|
299 { |
|
300 // aStatus = KRequestPending; |
|
301 |
|
302 iAgileCryptoPrivKey->GetPkiService().GenerateKeypair(aKeyId, |
|
303 (TUint)aPublicKeyLen, |
|
304 EPKIRSA, |
|
305 //&iResArray, |
|
306 aStatus); |
|
307 return 0; |
|
308 } |
|
309 |
|
310 EXPORT_C void CAgileCryptoGenerateKeypair::GenerateKeypairCancel(void) |
|
311 /** |
|
312 * Cancels operation. |
|
313 */ |
|
314 { |
|
315 iAgileCryptoPrivKey->GetPkiService().CancelPendingOperation(); |
|
316 } |
|
317 |